tomoyo learning daemon, fully automatic MAC configuration
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
dist_debian
dist_opensuse/12.1
dist_ubuntu
extras
AUTHORS
COPYRIGHT
FAQ
INSTALL
LICENSE
Makefile
README
TODO
compile.sh
tio.c
tio.h
tomld.c
tomld.conf
tomld.init
tomld.logrotate
tomld.manual
tomld.png
tomld.svg
tomld.xpm
tomld_learn.desktop
tomld_notify.desktop
tpath.c
tpath.h
tstring.c
tstring.h

README

*** DISCONTINUED ***

tomld (tomoyo learning daemon) 0.77
Copyright (C) 2011 Andras Horvath
E-mail: mail@log69.com - suggestions & feedback are welcome
URL: http://log69.com - the official site
(last update Fri Dec 23 12:09:42 CET 2011)

LICENSE:
This program is free software; you can redistribute it and/or modify it under 
the terms of the GNU General Public License as published by the Free Software 
Foundation; either version 3 of the License, or (at your option) any later 
version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY 
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE.  See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with 
this program.  If not, see <http://www.gnu.org/licenses/>.

DESCRIPTION:
Tomld (tomoyo learning daemon) is a 1-click dynamic Mandatory Access Control 
(MAC) configuration solution. It is an extension to the Tomoyo security 
framework. Tomoyo increases security by confining applications and services 
into domains using rules. Tomld automates this process helping users harden 
their systems more easily. To do this tomld starts in learning mode, creates 
Tomoyo domains, collects rules, changes them and once the rules appear to be 
complete tomld enforces the policy.

The Tomoyo framework already has a learning mode which automatically sets up 
rules while processes are running. The problem for the user is that these 
processes use continuously changing files and directory names which have to be 
replaced by wildcarded rules. This requires an advanced knowledge of the system.

Tomld fully automates the MAC set up, allowing the average user to have a much 
more secure system with minimal effort. Currently this solution targets Linux 
systems only.

Tomoyo security module is part of the mainline Linux kernel since version 
2.6.30.

*TOMOYO(r) is a registered trademark of NTT DATA Corporation

LINKS:
http://log69.com
http://tomoyo.sourceforge.jp
http://en.wikipedia.org/wiki/Mandatory_access_control

USAGE: tomld [options] [executables]

The following options are supported:
    -h   --help              **print this help
    -v   --version           **print version information
    -c   --color             colorize output
    -n   --notify  [command] run the command with appended info messages
                             (should be run on a desktop as normal user)
         --log        [file] redirect stderr and stdout to this file
         --no-crypt          disable lookup of mounted encrypted filesystems
         --no-domain [files] don't create domains for these executables
         --clear             clear domain configurations
                             (all previously learnt rules will be backed up)
         --reset             reinitialize domain configurations
                             (all previously learnt rules will be backed up)
         --restore           restore domain configuration from last backup
    -l   --learn  [patterns] **request temporary learning mode for all domains,
                             or for those domains that match the patterns
                             (this is the recommended way if still necessary)
      --learn-more [pattern] switch domain back to learning mode and
                             give it another whole amount of learning time
    -i   --info    [pattern] **print domains' rules by pattern
                             (without pattern, print a list of main domains)
    -r   --remove  [pattern] remove domains by pattern
    -R   --recursive  [dirs] replace subdirs of dirs with wildcards in rules
    -m   --manual            exiting from tomld for the second time switches
                             all old learning mode domains to enforcing mode
    -k   --keep              don't change domain's mode for this session
                             (learning mode domains will stay so on exit)
         --mail      [users] send mail to users with recent deny logs
    -1   --once              quit after first cycle
         --yes               auto confirm everything with yes

*executables are additional programs to create domains for

**these options can be used simultaneously with a running tomld daemon

REQUIREMENTS:
Tomoyo enabled kernel (v2.6.30 - 3.0.x), tomoyo-tools (v2.2 - 2.3.x)
and booting the system with "security=tomoyo" kernel parameter

For full documentation and FAQ, see the website: http://log69.com