TOMOYO Linux is a Mandatory Access Control (MAC) implementation for Linux operating systems. It helps to increase the security of a system, and offers administrators a competent system analysis tool.
The MAC implementation is lightweight and usable with “automatic policy configuring” feature by “LEARNING mode”, an administrators’ friendly policy language, with no need for libselinux or userland program modifications.
TOMOYO Linux consists of patches to Linux kernel and administrative utilities. When configured to restrict access, TOMOYO Linux restricts each process to only these declared behaviors and resources (like an operation watchdog). The main tool used by TOMOYO Linux is the policy editor. This provides a number of screens that serve different roles.
- System analysis:
- Debug applications.
- Understand the behaviour of a Linux system.
- Write documentation.
- Increased security through Mandatory Access Control:
- Restrict services.
- Restrict system administrator operations.
- Create per-application network firewalls.
- Reduce impact from buffer overflows and other security exploits.
- Deploy a honeypot system to detect and counteract attempts at unauthorised use.
- Automatic policy generation.
- Simple syntax.
- Ease of use.
- No changes needed to existing binaries.
|Read our complete collection of recommended free and open source software. The collection covers all categories of software.
The software collection forms part of our series of informative articles for Linux enthusiasts. There's tons of in-depth reviews, alternatives to Google, fun things to try, hardware, free programming books and tutorials, and much more.