I am looking for someone with knowledge of FreeBSD MAC security.
I need this person to design and create an howto to implement the following user security:
- users may not read any file outside of their home directory appart from the required system files, binaries, crontab and man pages
- users may not open any network socket/port (not able to run a network deamon) but should be able to fetch data from the outside
- there should be a configuration that blocks users from accessing certain ports
- the www user should have access to every user directories
- users have to be able to read and erase their own apache log files
Those configurations should be ajustable on a per-user basis.
I do not wish to use any chroot method, all the security should be done via the MAC modules.
If this project is succesfull, I will have other projects concerning FreeBSD administration/security, I am looking for a partner on this and this project is a way to get to know each other.
Please let me know if you have any question or need any more details on this project.
Many thanks for your interest.
[url removed, login to view] Director