Anyone here use Tomoyo Linux? (if not, maybe you should try it)

by zeebra, from LinuxQuestions.org (#5MJC3)

If you use it, what is your experience? Why do you use it, and what do you use it for mostly/exactly?
If NOT, then, why do so few people here use Tomoyo? Why do you not use it?

I'm asking because I see very few topics on LinuxQuestions about Tomoyo, and I'm kind of wondering why that is. And, if you don't use Tomoyo, do you use another LSM? If not, why? And I don't mean those that just got SELinux/AppArmor with their distro without actively using it themselves. So don't say yes if you're one of them, then specify that you use it for that reason.

I'm just generally curious. I do understand people's aversion to using SELinux, for being complicated to set up and manage and taking a lot of effort. But I also appreciate that people do use SELinux despite that. But other than that, I think both AppArmor and Tomoyo are "easy" alternatives to SELinux, and should not have such a high threshold for using.

In particular I think Tomoyo is something a lot of people could use quite easily. So I don't understand why so few people on LinuxQuestions do, or talk about it. I guess one reason might be that you don't have control of what is included in the kernel of your distro, and don't have the ability to include Tomoyo. That's a valid argument. But other than that, Tomoyo is extremely easy to implement if you have any knowledge of how to deal with the kernel. User tools are very easy to install and generally easy to use. Tomoyo doesn't even have to be intrusive if you "enable" it, you can just install it and let it sit there and analyze your system. From there on you can scale your use of Tomoyo from locking almost nothing, to locking almost everything. And doing so is easy and efficient.

Tomoyo is probably the easiest of the LSMs to use and manage, which makes me curious as to why the usage among LinuxQuestions folks is not more active. It's not perfect security, and even the creators say a more "ideal" solution is to use both Tomoyo and SELinux together. But, it is a lot more than nothing, and it can easily restrict some questionable default behaviours and access on any regular distro and "easily" add a substantial layer of security with very light effort. Including webservers!! It even has a specific module to extend special security for Apache (more easily). Why don't the "apache tribe" here use Tomoyo?

This leads me back to the original question..

And yes, I do want to promote Tomoyo and encourage people to try it and use it. It is extremely light/minimalistic and fairly easy to implement and use. It's actually highly impressive. So if you haven't tried, then give it a try!

Quote:
Originally Posted by rkelsen (Post 6269427)
All of that without saying what it is, what it does or why we should use it.

Really? Well, if that is the case, that is of course an issue. But I actually thought/assumed most people at least know or have an idea what Tomoyo Linux is. My bad! You might be very right! I should do what you said. So, here we go.

- Tomoyo Linux is an implementation of Linux MAC (Mandatory Access Control) through LSM (Linux Security Modules). It is part of the Linux Kernel that you can use and activate if you want.
- LSM is a Linux Kernel Framework to support various Kernel based security models.
- MAC is a security model that locks down all system access which is not specified to be allowed (access policies)


And in other words and further information:
https://en.wikipedia.org/wiki/Tomoyo_Linux
https://tomoyo.osdn.jp/

Quote:
Originally Posted by Tomoyo.osdn.jp
A security module for system analysis and protection

TOMOYO Linux is a Mandatory Access Control (MAC) implementation for Linux that can be used to increase the security of a system, while also being useful purely as a system analysis tool. It was launched in March 2003 and had been sponsored by NTT DATA Corporation, Japan until March 2012.

TOMOYO Linux focuses on the behaviour of a system. Every process is created to achieve a purpose, and like an immigration officer, TOMOYO Linux allows each process to declare behaviours and resources needed to achieve their purpose. When protection is enabled, TOMOYO Linux acts like an operation watchdog, restricting each process to only the behaviours and resources allowed by the administrator.

The main features of TOMOYO Linux include:

- System analysis
- Increased security through Mandatory Access Control
- Tools to aid in policy generation
- Simple syntax
- Easy to use
- Very few dependencies
- Requires no modification of existing binaries

Ok, so, why people should use it, ehm, I think other people could come up with a lot better reasons than I can. But, basically to secure their system further than what default security does. And one of the reasons people SHOULD use it in my opinion, is because a lot of people talk about security around here, but they don't really DO something substantial about it. Tomoyo CAN do something substantial about it, and might be a replacement for YOUR non-MAC-based security solutions. That includes a lot of talk on these forums about among others Apache/webserver and things like OpenSSH. It's also good to use to understand what your system and software are actually doing. It's good to further learn about your system.

A lot of perceived security issues discussed around here can be solved by implementing MAC on your system. Tomoyo is one of those MAC solutions.