Yintoni iArmArmor kunye nendlela ephucula ngayo ukhuseleko kwiLinux

Diego Germán González

Imizuzu ye4

Yintoni iAppArmor ye

Ixesha elide, abasebenzisi beLinux babefana nabalinganiswa abaphambili bebali lehagu ezintathu ezincinci. Imvakalelo engeyonyani yasikhokelela ekubeni sikholelwe ukuba sikhuselekile kwiingxaki zokhuseleko ezithi iiWindows zibe ngamaxhoba rhoqo.

Inyaniso isibonakalisile ukuba asinakuba sengozini njengoko sasicinga. Nangona kunjalo, ukunyaniseka, uninzi lwezinto ezisemngciphekweni ezichaziweyo ziye zafunyanwa kwiilebhu zokhuseleko lwekhompyuter kwaye, iimeko eziyimfuneko ukuzisebenzisa azikho kwihlabathi lokwenyani, kusekho iingxaki ezaneleyo ukuze singathobisi.

Amanyathelo okhuseleko lweLinux kernel

Imvumelwano ngokubanzi phakathi kweengcali zezokhuseleko ze-IT kukuba amanyathelo okuthintela ukungena okungagunyaziswanga kwinkqubo efana nezicima mlilo okanye iindlela zokufumanisa ukungena azisekho kwanele ukumisa uhlaselo oluntsonkothileyo. Kuyimfuneko ukuseka umgca omtsha wokhuselo oya kuthi, kwimeko yokungena okungagunyaziswanga kwinkqubo, angavumeli umhlaseli ukuba enze nantoni na eyingozi.

Umgaqo wamalungelo amancinci

Umgaqo wamalungelo amancinci useka njengomgaqo osisiseko wokhuseleko Abasebenzisi benkqubo yekhompyuter kufuneka bafumane kuphela iseti encinci yamalungelo kunye nezixhobo eziyimfuneko ukuze benze umsebenzi wabo othile. Ngale ndlela, ukusetyenziswa gwenxa okanye ukungakhathali kwesicelo kuncitshisiwe okanye kuthintelwe ekubeni ngumngenisi wecala lokuhlaselwa kwekhompyuter.

Ixesha elide, ii-linuxers zakha ukuzithemba kwethu kukhuseleko lwenkqubo yethu yokusebenza kwendlela ye-kernel eyaziwa ngokuba yi-Discretionary Access Control. Ulawulo lokufikelela kwi discretionary luchaza ukuba zeziphi iinkqubo zoncedo abasebenzisi kunye nokusetyenziswa abanokufikelela kuzo.

Ingxaki kukuba uluhlu lwakho lwezinto onokukhetha kuzo lilinganiselwe kwaye, njengoko igama libonisa ngokuqonda, abanye abasebenzisi abaneemvume ezaneleyo banokwenza uhlengahlengiso olunokuthi luxhaphazwe ngabaphuli mthetho.

Ulawulo lokuFikelela ngokuNyanzelekileyo

Ulawulo lokuFikelela ngokuNyanzelekileyo lwahlukile kuLawulo lokuFikelela kuKhetho kuloo nto Inkqubo yokusebenza iyakuthintela okunokwenziwa zizicelo ngokwemiyalelo esekwe ngumlawuli wenkqubo kwaye abanye abasebenzisi abakwazi ukuyiguqula.

Kwi-Linux kernel olu luxanduva lweModyuli yoKhuseleko lweLinux enika iinkqubo ezahlukeneyo ezinokucelwa kwizixhobo ezinje ngale ichazwe kweli nqaku.

Yintoni iArmArmor?

I-AppArmor isebenzisa iParadigm yoLawulo lokuFikelela ngokuNyanzelekileyo ukomeleza ukhuseleko lokusasazwa kweLinux. Ixhomekeke kwiModyuli yoKhuseleko lweLinux ukunciphisa umda wokuziphatha kwezicelo ezizodwa ngokwemigaqo-nkqubo ebekwe ngumlawuli.

Le miyalelo ibonakaliswe ngohlobo lweefayile ezibhaliweyo ezaziwa ngokuba ziiprofayili. Ngombulelo kwiiprofayili, umlawuli wenkqubo unokuthintela ukufikelela kwiifayile, unxibelelwano phakathi kweenkqubo, ukuseka apho inkqubo yefayile inokuxhonywa khona, ukunciphisa ukufikelela kwinethiwekhi, ukumisela ubungakanani besicelo, kwaye zingaphi izixhobo onokuzisebenzisa. Ngamanye amagama, iprofayile yeAppArmor iqulethe uluhlu olumhlophe lokuziphatha okwamkelekileyo kwisicelo ngasinye.

Izibonelelo zale ndlela zezi:

  • Ivumela abalawuli ukuba basebenzise umgaqo welungelo elincinci kwizicelo. Kwimeko apho isicelo sonakaliswe, ngekhe sikwazi ukufikelela kwiifayile okanye senze isenzo ngaphandle kwento esekwe njengeparameter yokusebenza eqhelekileyo.
  • Iiprofayili zibhalwa ngolwimi oluhle lomlawuli kwaye zigcinwa kwiindawo onokufikelela ngokulula kuzo.
  • Ukusetyenziswa kweeprofayili ezizodwa kunokwenziwa okanye kukhubazeke nokuba kwenzeka ntoni kwezinye iinkangeleko. Oku kuvumela abalawuli ukuba bakhubaze kwaye balungise iprofayili ethile yesicelo esithile ngaphandle kokuchaphazela ukusebenza kwayo yonke inkqubo.
  • Kwimeko apho isicelo sizama ukwenza naliphi na isenzo esingqubanayo noko kusekwe kwiprofayili ehambelana noko, umsitho ungene. Ngale ndlela abalawuli bafumana isilumkiso kwangethuba.

IArmArmor ayithathi indawo yoLawulo lokuFikelela kuKhethoOko kukuthi, awungekhe ugunyazise into ethintelweyo, kodwa ungayithintela into evunyelweyo.

I-AppArrmour iza nezixhobo ezithile ezifakwe kwangaphambili kulwabiwo olukhulu lweLinux, kwaye unokufumana ngakumbi koovimba.

Unokufumana ulwazi ngakumbi ku iphepha yeprojekthi


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.

  1.   Ifantasmon sitsho
    yenzayo 3 iminyaka

    Ngaba i-AppArmor ayisiso isikrweqe …….???????????????

    Phendula uFantasmon
    1.    UDiego waseJamani uGonzalez sitsho
      yenzayo 3 iminyaka

      Ngokuqinisekileyo. Ngokukhawuleza xa ndinako ukuyilungisa
      Enkosi

      Phendula u-Diego Germán González