[HOWTO] Tomoyo - Apparmor - Application Based Firewall
Posted: Aug 12th, '14, 03:07Hello all
it's been a while i am looking for a firewall based application for my mageia server and finally i find a way after a long lonnnnnggggg looonngggg time lol
What is it about :
- Use tomoyo as an alternative to Apparmor in the purpose of Firewall Based Application
Note :
- To edit all the files described below and to execute any of the described commands you need local root access rights.
The firewall setting works as a white list, when you're done with this tutorial, any Internet access to or from any application on your computer will be blocked by default,
you will need to enable it explicitly for selected application by using "tomoyo-editpolicy" and changing it's profile from 0 to 1 as simple as that.
Tested :
- Mageia v3
Check :
- "cat /boot/config | grep SECURITY"
- to check if tomoyo is activated, normally it is by default
Activate Tomoyo :
- "sudo gedit /boot/config"
- And add/edit those lines :
Install Needed Package :
- "sudo mcc &" and go to "add remove package"
- install the package tomoyo-tools
Reboot :
- Reboot the system
Initialize Tomoyo default configs and profiles:
- "sudo /usr/lib/tomoyo/init_policy"
Edit the default profiles:
"sudo gedit /etc/tomoyo/policy/current/profile.conf" - Import or override your entries with the following code
Reboot :
- Reboot the system
Usage :
- You can edit any rule by executing:
- "sudo tomoyo-editpolicy"
- And then after editing
- "sudo tomoyo-savepolicy"
Usage Help :
- Before you can allow an application you have to run it at least once, that way Tomoyo notes the application's existence.
- After "sudo tomoyo-editpolicy" by pressing s you can change application's profile 0=block all Internet access, 1=allow all Internet access, you can press f to search an application then n to look for the next occurrence, you can exit the policy editor by pressing q.
- After any changes you made to the policy, you need to save it to the disk, to do so, just type in the terminal : "sudo tomoyo-savepolicy"
Yes it's that simple !!!!!!!!!
EEENNNNNNNJJJJOOOOOOOOOYYYYYYYYYYYY !!!!!
it's been a while i am looking for a firewall based application for my mageia server and finally i find a way after a long lonnnnnggggg looonngggg time lol
What is it about :
- Use tomoyo as an alternative to Apparmor in the purpose of Firewall Based Application
Note :
- To edit all the files described below and to execute any of the described commands you need local root access rights.
The firewall setting works as a white list, when you're done with this tutorial, any Internet access to or from any application on your computer will be blocked by default,
you will need to enable it explicitly for selected application by using "tomoyo-editpolicy" and changing it's profile from 0 to 1 as simple as that.
Tested :
- Mageia v3
Check :
- "cat /boot/config | grep SECURITY"
- to check if tomoyo is activated, normally it is by default
Activate Tomoyo :
- "sudo gedit /boot/config"
- And add/edit those lines :
- Code: Select all
CONFIG_SECURITY_TOMOYO=y
CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
CONFIG_DEFAULT_SECURITY_TOMOYO=y
Install Needed Package :
- "sudo mcc &" and go to "add remove package"
- install the package tomoyo-tools
Reboot :
- Reboot the system
Initialize Tomoyo default configs and profiles:
- "sudo /usr/lib/tomoyo/init_policy"
Edit the default profiles:
"sudo gedit /etc/tomoyo/policy/current/profile.conf" - Import or override your entries with the following code
- Code: Select all
PROFILE_VERSION=20110903
0-COMMENT=-----block network inet-----
0-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
0-CONFIG={ mode=disabled grant_log=no reject_log=no }
0-CONFIG::network::unix_stream_bind={ mode=disabled grant_log=no reject_log=no }
0-CONFIG::network::unix_stream_listen={ mode=disabled grant_log=no reject_log=no }
0-CONFIG::network::unix_stream_connect={ mode=disabled grant_log=no reject_log=no }
0-CONFIG::network::unix_dgram_bind={ mode=disabled grant_log=no reject_log=no }
0-CONFIG::network::unix_dgram_send={ mode=disabled grant_log=no reject_log=no }
0-CONFIG::network::unix_seqpacket_bind={ mode=disabled grant_log=no reject_log=no }
0-CONFIG::network::unix_seqpacket_listen={ mode=disabled grant_log=no reject_log=no }
0-CONFIG::network::unix_seqpacket_connect={ mode=disabled grant_log=no reject_log=no }
0-CONFIG::network={ mode=enforcing grant_log=no reject_log=yes }
1-COMMENT=-----allow all-----
1-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
1-CONFIG={ mode=disabled grant_log=no reject_log=no }
2-COMMENT=-----Permissive Mode-----
2-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
2-CONFIG={ mode=permissive grant_log=no reject_log=yes }
3-COMMENT=-----Enforcing Mode-----
3-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
3-CONFIG={ mode=enforcing grant_log=no reject_log=yes }
Reboot :
- Reboot the system
Usage :
- You can edit any rule by executing:
- "sudo tomoyo-editpolicy"
- And then after editing
- "sudo tomoyo-savepolicy"
Usage Help :
- Before you can allow an application you have to run it at least once, that way Tomoyo notes the application's existence.
- After "sudo tomoyo-editpolicy" by pressing s you can change application's profile 0=block all Internet access, 1=allow all Internet access, you can press f to search an application then n to look for the next occurrence, you can exit the policy editor by pressing q.
- After any changes you made to the policy, you need to save it to the disk, to do so, just type in the terminal : "sudo tomoyo-savepolicy"
Yes it's that simple !!!!!!!!!
EEENNNNNNNJJJJOOOOOOOOOYYYYYYYYYYYY !!!!!
