Add a large section explaining that a "planning phase" is a good idea.
This commit is contained in:
Tom Rhodes
parent
4cf1c40ada
commit
0bda358efe
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=27598
1 changed files with 33 additions and 0 deletions
|
|
@ -832,6 +832,39 @@ test: biba/high</screen>
|
||||||
</sect2>
|
</sect2>
|
||||||
</sect1>
|
</sect1>
|
||||||
|
|
||||||
|
<sect1 id="mac-planning">
|
||||||
|
<title>Planning the Security Configuring</title>
|
||||||
|
|
||||||
|
<para>As with implementing any technology, there must be a planning
|
||||||
|
phase. During this time is it best an administrator looks at
|
||||||
|
their plight as a whole and defines exactly what is needed.
|
||||||
|
Examine thoroughly what requirements exist, how to accomplish
|
||||||
|
the final goal. How must information be classified or restricted,
|
||||||
|
what users should be given access and which <acronym>MAC</acronym>
|
||||||
|
module or modules will be required to achieve this goal.</para>
|
||||||
|
|
||||||
|
<para>Although it is always possible to reconfigure and change the
|
||||||
|
system resources and security settings, it is inconvenient to
|
||||||
|
search through the system and fix existing files and user
|
||||||
|
accounts. Planning helps to ensure a trouble-free and efficient
|
||||||
|
trusted system implementation. A trial run of the trusted system,
|
||||||
|
including the configuration, is often vital and definitely
|
||||||
|
beneficial before. The idea of just letting loose on a system
|
||||||
|
with <acronym>MAC</acronym> is like setting up for failure.</para>
|
||||||
|
|
||||||
|
<para>Different environments may have explicit needs and
|
||||||
|
requirements. Establishing an in depth and complete security
|
||||||
|
profile will decrease the need of changes once the system
|
||||||
|
goes live. As such, the future sections will cover the
|
||||||
|
different modules available to administrators; describe their
|
||||||
|
use and configuration; and in some cases provide insight on
|
||||||
|
what situations they would be most suitable for. For instance,
|
||||||
|
a web server might roll out the &man.mac.biba.4; and
|
||||||
|
&man.mac.bsdextended.4; policies. In other cases, a machine
|
||||||
|
with very few local users, the &man.mac.partition.4; might
|
||||||
|
be a good choice.</para>
|
||||||
|
</sect1>
|
||||||
|
|
||||||
<sect1 id="mac-modules">
|
<sect1 id="mac-modules">
|
||||||
<title>Module Configuration</title>
|
<title>Module Configuration</title>
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue