Info: Version 1.3 is available.
Last modified: 2011-11-20 09:56:56 +0900 (Sun, 20 Nov 2011)
Because TOMOYO Linux policy is expressed in terms of pathnames, TOMOYO Linux can be used to trace file accesses.
You can use it to find out how programs access files, or which program is creating files in specific directories.
To compile the kernel, see TOMOYO Linux kernel compilation.
Boot with the TOMOYO Linux kernel and check that the system works properly.
To compile the tools, run the following commands.
    cd /root/
    # Download source of tools for TOMOYO Linux.
    wget -O ccs-tools-1.2-20060903.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/21579/ccs-tools-1.2-20060903.tar.gz'
    # Extract.
    tar -zxf ccs-tools-1.2-20060903.tar.gz
    # Compile.
    make -sC ccstools/
Create /root/security/manager.txt with the following contents.
    /root/ccstools/editpolicy
Create /root/security/profile0.txt with the following contents.
    MAC_FOR_FILE=1
    MAX_ACCEPT_FILES=1048576
    MAX_GRANT_LOG=0
    MAX_REJECT_LOG=0
    TOMOYO_VERBOSE=0
Save the output of the following command as /root/security/exception_policy.txt.
    /root/ccstools/make_exception.sh | grep ^file_pattern | sort | uniq
Boot with the TOMOYO Linux kernel and run the applications you want to analyze.
You can see the list of programs executed so far by running /root/ccstools/editpolicy. Choose a program and press "Enter" to see the list of files accessed by that program. See How to use Policy Editor for usage of the policy editor.
You can save the list of all files accessed so far as /root/security/domain_policy.txt by running /root/ccstools/savepolicy.
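Once the policy has been saved, a script can answer the question of which programs touched files under a given directory. The following Python script is an added example, not part of the TOMOYO Linux tools; the policy layout it parses (a "<kernel> ..." domain line followed by "<permission> <pathname>" entries) and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample. Assumed layout (not shown on the page): each domain
# starts with a "<kernel> ..." line naming the chain of executed programs,
# followed by one "<permission> <pathname>" entry per line.
SAMPLE_POLICY = """\
<kernel>

<kernel> /sbin/init
1 /etc/rc.d/rc
4 /etc/inittab

<kernel> /sbin/init /etc/rc.d/rc /usr/sbin/httpd
4 /etc/httpd/conf/httpd.conf
6 /var/log/httpd/access_log
2 /var/www/upload/report.txt

<kernel> /sbin/init /etc/rc.d/rc /usr/sbin/crond /bin/sh
6 /var/www/upload/.cache
4 /var/www-old/index.html
"""

def parse_domain_policy(text):
    """Return {domain: [(permission, pathname), ...]} for file entries."""
    policy = defaultdict(list)
    domain = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("<kernel>"):
            domain = line
            policy[domain]  # record the domain even if it has no entries
        elif domain and line:
            fields = line.split()
            # Keep only entries whose last field is an absolute pathname;
            # this skips non-file lines without guessing at their meaning.
            if len(fields) >= 2 and fields[-1].startswith("/"):
                policy[domain].append((fields[0], fields[-1]))
    return dict(policy)

def accesses_under(policy, directory):
    """List (program, permission, pathname) for entries inside directory."""
    prefix = directory.rstrip("/") + "/"  # so /var/www does not match /var/www-old
    hits = []
    for domain, entries in policy.items():
        program = domain.split()[-1]  # last program in the execution chain
        hits += [(program, perm, path) for perm, path in entries
                 if path.startswith(prefix)]
    return sorted(hits)

if __name__ == "__main__":
    for hit in accesses_under(parse_domain_policy(SAMPLE_POLICY), "/var/www/upload"):
        print("\t".join(hit))
```

To run it against a real trace, pass the contents of /root/security/domain_policy.txt to parse_domain_policy() instead of the sample string.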