We're proud to release the first release candidate of secadm 0.1. We've added a few new features and fixed a few bugs. Links to the release files are below.
Here's what's changed between 0.1-beta1 and 0.1-rc1:
- Fixed panic when unloading the secadm module
- Use local object directories to make compiling cleaner
- Add new noun to the list verb: features. This will allow the user of secadm to lsit what per-application features we support. Example:
secadm list features
- Add new noun to the list verb: rules (default action when no noun is specified). This allows the user to see what rules are currently loaded and enforced. Example
secadm list rulesor simply:
- Don't advertise PAGEEXEC if it's not available
- Allow non-root users to list loaded rules
- Prevent a process from removing a file listed in our ruleset. This means that in order to remove or move a file, a rule pertaining to that file must not be present in the ruleset
- Improve KLD handling
- rc.d script
As usual, the README file in the release tarball contains detailed usage examples.