* filter by application name
From: Deb ian @ 2007-06-22 21:54 UTC (permalink / raw)
To: netfilter
Hello,
I want to build a firewall with iptables, and I need to filter by
application name. I see it's possible with
iptables -A INPUT -m owner --cmd-owner sshd
But --cmd-owner has not been integrated since the 2.6.15 kernel, and I'm on Debian
etch (kernel 2.6.18).
How can I do this? Does a patch exist for it? Or another solution?
Thank you.
PS: Sorry for my bad English.
* Re: filter by application name
From: Tom Eastep @ 2007-06-22 22:00 UTC (permalink / raw)
To: Deb ian; +Cc: netfilter
Deb ian wrote:
> Hello,
>
> I want to build a firewall with iptables, and I need to filter by
> application name. I see it's possible with
>
> iptables -A INPUT -m owner --cmd-owner sshd
>
> But --cmd-owner has not been integrated since the 2.6.15 kernel, and I'm on Debian
> etch (kernel 2.6.18).
>
> How can I do this? Does a patch exist for it? Or another solution?
tuxguardian.sf.net
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
* Re: filter by application name
From: R. DuFresne @ 2007-06-23 6:17 UTC (permalink / raw)
To: Tom Eastep; +Cc: Deb ian, netfilter
On Fri, 22 Jun 2007, Tom Eastep wrote:
> Deb ian wrote:
>> Hello,
>>
>> I want to build a firewall with iptables, and I need to filter by
>> application name. I see it's possible with
>>
>> iptables -A INPUT -m owner --cmd-owner sshd
>>
>> But --cmd-owner has not been integrated since the 2.6.15 kernel, and I'm on Debian
>> etch (kernel 2.6.18).
>>
>> How can I do this? Does a patch exist for it? Or another solution?
>
> tuxguardian.sf.net
>
Interesting. I get the impression tuxguardian is not quite a deep
inspection FW nor a real application proxy, but has hooks to permit and
deny on command hashes? I'd like to see more of their docs, not a lot
online that I saw. Might have to go through their code if more info is
not available...
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
* Re: filter by application name
From: Daniel Lopes @ 2007-06-23 15:06 UTC (permalink / raw)
To: R. DuFresne; +Cc: Deb ian, netfilter, Tom Eastep
R. DuFresne wrote:
> Interesting. I get the impression tuxguardian is not quite a deep
> inspection FW nor a real application proxy, but has hooks to permit and
> deny on command hashes? I'd like to see more of their docs, not a lot
> online that I saw. Might have to go through their code if more info is
> not available...
>
>
> Thanks,
>
> Ron DuFresne
Hi,
They seem to use the LSM framework (like AppArmor). These are the hooks
they can use to allow or deny socket opening, for example, I guess.
Greetings,
Daniel