[grsec] Connect statement in policy.
John Anderson
johnha at ccbill.com
Wed Feb 23 14:14:17 EST 2005
Brad,
Thanks for the speedy reply. Yes, that would be acceptable. A restart
of the RBAC system would most definitely be easier to deal with than
changing the policy files on multiple servers throughout the enterprise
should a hostname be changed.
Thanks!
Brad Spengler wrote:
>On Wed, Feb 23, 2005 at 11:07:21AM -0700, John Anderson wrote:
>
>
>>Is there any way currently to use hostnames instead of IP/SNM in the
>>Connect: clause of a policy file? I've tried several different methods
>>with no luck. Unfortunately the docs I have are pretty old. If there
>>is no way currently, is this capability being planned for future releases?
>>
>>
>
>It doesn't currently, but it is something I could add to my TODO list.
>The only caveat my proposed implementation is that the hostnames would be
>interpreted in userspace and expanded into whatever IPs they resolve to,
>and then those IPs will be passed to the kernel. This means that if you
>changed the IP a hostname resolved to, you would need to restart the
>RBAC system. Would this be acceptable for what you wanted hostnames
>for?
>
>-Brad
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>grsecurity mailing list
>grsecurity at grsecurity.net
>http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
>
>
--
- John A.
Systems Administrator
CCBill, LLC.
More information about the grsecurity
mailing list