
Chapter 1: Introduction

1.1. Introduction to this guide

This guide aims to provide an informative and easy to read set of instructions on how to use TOMOYO Linux, allowing the reader to experience and master the tools involved in securing a system. The chapters have been grouped into core topics and advanced topics. It is recommended to follow the core topics in the order that they are presented, as each chapter will build on knowledge learnt in preceding chapters. The advanced topics can be explored at your leisure.

For those using this project for system analysis, the first six chapters are relevant. The sixth chapter itself is not strictly necessary for system analysis, but may be useful. For those using this project for system restriction, the whole guide should provide a solid foundation from which a policy of least privilege can be developed for any particular system. The Mandatory Access Control (MAC) provided by this project is not designed to offer protection "out of the box", but instead requires time and an understanding of the concepts and tools involved. It is therefore extremely worthwhile to read this guide thoroughly. Only then can you ensure that your system is as secure as possible.

1.2. Typography

To make sure the guide is easy to read, some typographical conventions are used. This section contains some examples.

# /usr/sbin/tomoyo-editpolicy

The formatting above indicates that the text should be run as a command in your terminal. A line starting with a "#" symbol indicates that it must be run as the root user, while a "$" symbol indicates that it should be run as your regular user. When commands are embedded in text, they will look like this: tomoyo-editpolicy.

Memory used by policy:                    165728
Memory used by audit log:                      0 (Quota:   16777216)
Memory used by query message:                  0 (Quota:    1048576)
Total memory used:                        165728

The formatting above indicates that the text is terminal output following a command.

number_group WEB-CLIENT-PORTS 1024-65535

The formatting above indicates that the string is not a command or terminal output. It could be text from a configuration file. It could also be text to enter into a configuration file or the policy editor.