We're proud to release the first release candidate of secadm 0.1. We've added a few new features and fixed a few bugs. Links to the release files are below.
Here's what's changed between 0.1-beta1 and 0.1-rc1:
- Fixed panic when unloading the secadm module
- Use local object directories to make compiling cleaner
- Add new noun to the list verb: features. This will allow the user of secadm to lsit what per-application features we support. Example:
secadm list features
- Add new noun to the list verb: rules (default action when no noun is specified). This allows the user to see what rules are currently loaded and enforced. Example
secadm list rulesor simply:
- Don't advertise PAGEEXEC if it's not available
- Allow non-root users to list loaded rules
- Prevent a process from removing a file listed in our ruleset. This means that in order to remove or move a file, a rule pertaining to that file must not be present in the ruleset
- Improve KLD handling
- rc.d script
As usual, the README file in the release tarball contains detailed usage examples.
The tarball can be found here. Its GPG signature can be found here. It was signed with Shawn Webb's GPG key that has a fingerprint of 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE.