******************************************************************

	    Sys Admin Magazine -- News and Reviews	 
		          July 2003

******************************************************************

This month, Evan Sarmiento introduces TrustedBSD's ACL functionality 
and describes its MAC framework by detailing the use of three 
previously listed MAC modules. He also explains how systems 
administrators can design their own security policies for a 
given system. 

******************************************************************
Sponsor: PureMessage by ActiveState
===========================================

Webcast: Choosing and Deploying an Anti-Spam Solution
July 29, 10AM PDT

Choosing the right anti-spam solution is critical. Register for this
free webcast featuring Giga Research and Vignette and learn how leading
companies are stopping spam in the enterprise.

Find out more:
http://click.sysadmin.email-publisher.com/maabiCAaaZtEZa2sokSb/
******************************************************************

Using TrustedBSD 
by Evan Sarmiento  

TrustedBSD provides a set of trusted operating system extensions 
to FreeBSD. Currently, these extensions can be downloaded from 
http://www.TrustedBSD.org, but most of them (ACL and MAC -- Mandatory 
Access Control) have been integrated into the FreeBSD-current tree. 
The MAC framework allows security policies to be set dynamically at 
runtime. The MAC Framework essentially gives the developer the access 
to define a security policy that works by positioning the developer's 
code within kernel functions. The developer's security policy can 
either augment the traditional FreeBSD discretionary access control 
policy, or replace it entirely. Essentially, the MAC framework allows 
the systems administrator to give fine-grained privileges to each user 
through modifying the existing security policy to match the needs of 
the given system. TrustedBSD comes prepackaged with a few MAC security 
modules, which augment the security policies of the given system or 
add new features -- Biba Integrity Policy and File System Firewall 
Policy, among others. 

TrustedBSD also provides the concept of labels. Labels are extraneous 
pieces of information that are grafted onto various kernel structures. 
These labels can be filled with information that can be used by MAC 
modules to determine the outcome of a security check. Access Control 
List (ACL) functionality is also provided. In this article, I'll 
introduce TrustedBSD's ACL functionality and describes its MAC 
framework by detailing the use of three previously listed MAC 
modules. I'll also explain how systems administrators can design 
their own security policies for a given system. 

To read the rest of Evan's article, go to:
http://click.sysadmin.email-publisher.com/maabiCAaaZtE1a2sokSb/
         
******************************************************************
FREE 14-day Evaluation:  NeedTEXT Shell is the industry-leading 
solution for remote network monitoring from a wireless handheld 
device. System administrators can use all of their standard 
command-line utilities, such as SSH, ftp, top, etc. directly from 
a RIM BlackBerry, to diagnose and fix problems from anywhere, 
at any time. Visit:  
http://click.sysadmin.email-publisher.com/maabiCAaaZtE2a2sokSb/
******************************************************************
CALL FOR PAPERS  

Enterprise Administration
We're looking for practical, high-end discussions of storage, 
clustering, security, and advanced networking solutions based 
on your expertise and insights.

Open Source
We're looking for original uses of classic tools such as Apache, 
Samba, and MySQL; custom solutions built from open source components; 
and descriptions of useful open source utilities.

Scripting
Describe how you improved your life with the perfect Perl, shell, 
PHP, Python, or Tcl/Tk script.

We suggest that if you are interested in contributing, you first 
submit a proposal to us. If the proposal seems appropriate, we'll 
ask you to submit a manuscript. If the manuscript is accepted, 
we'll edit it, print it, and pay you for it. For more detailed 
information, refer to the author guidelines. Please address requests 
for guidelines, proposals, and manuscripts to: 

Rikki Endsley
Associate Managing Editor
email: rendsley@cmp.com 
******************************************************************
EDUCATIONAL DISCOUNTS: CanIt-PRO anti-spam solution
Universities, colleges and institutions choose Roaring Penguin 
Software's CanIt-PRO, the most effective email filtering product. 
CanIt-PRO offers unparalleled flexibility for administrators and 
end users, and never discards a valid email. Complimentary evaluations 
and educational discounts are available. Visit Roaring Penguin 
Software at ACUTA '03 booth #421.
http://click.sysadmin.email-publisher.com/maabiCAaaZtE3a2sokSb/
******************************************************************
Newsletter Subscription Information

Please feel free to share this newsletter with interested parties
via email (not on bulletin boards).  To subscribe, see:
http://click.sysadmin.email-publisher.com/maabiCAaaZtE4a2sokSb/

Email comments to: aankerholz@cmp.com
******************************************************************
LINUXWORLD CONFERENCE & EXPO  - REGISTER NOW!

LEARN how companies have achieved higher profits and increased their
productivity by utilizing Linux
PARTICIPATE in LinuxWorld's world-class education program and benefit 
from interactive training in the all-new Hands-on Labs!
DISCOVER the latest innovations and technologies from the hottest 
companies around
HEAR the latest developments and updates on the state of open source 
at our analyst roundtable discussion
ATTEND exciting keynote addresses from Hewlett-Packard, Sun 
Microsystems,
Red Hat, IBM and Oracle
Register today!   
http://click.sysadmin.email-publisher.com/maabiCAaaZtE5a2sokSb/
When Registering, enter priority code LSUR