Free and open source
tomld (tomoyo learning daemon)
Fully automatic Mandatory Access Control (MAC) configuration solution

(TOMOYO® is a registered trademark of NTT DATA Corporation)


video installing tomld on youtube (720p HD 15 fps 4:35 min)
direct link in .ogv format


Description

Tomld (tomoyo learning daemon) is a 1-click dynamic Mandatory Access Control (MAC) configuration solution. It is an extension to the Tomoyo security framework. Tomoyo increases security by confining applications and services into domains using rules.

Tomld automates this process, helping users harden their systems more easily. To do this, tomld starts in learning mode, creates Tomoyo domains, collects rules, changes them, and, once the rules appear to be complete, enforces the policy.

For more information, see the help.

I find Tomoyo a great tool. Thank you to the authors!

tomld flow

tomld flowchart

Links

Tomoyo official site
Tomoyo documentation
Mandatory access control Wikipedia site

Options

tomld [options] [executables]

The following options are supported:

    -h  --help                  **print this help
    -v  --version               **print version information
    -c  --color                 colorize output
    -n  --notify [command]      run the command with appended info messages
                                (should be run on a desktop as normal user)
        --log [file]            redirect stderr and stdout to this file
        --no-crypt              disable lookup of mounted encrypted filesystems
        --no-domain [files]     don't create domains for these executables
        --clear                 reinitialize domain configurations
                                (all previously learnt rules will be backed up)
        --reset                 reinitialize domain configurations and run
                                (all previously learnt rules will be backed up)
        --restore               restore domain configuration from last backup
    -l  --learn [patterns]      **request temporary learning mode for all domains,
                                or for those domains that match the patterns
                                (this is the recommended way if some domains need it)
        --learn-more [pattern]  switch domain back to learning mode and
                                give it another whole amount of learning time
    -i  --info [pattern]        **print domains' rules by pattern
                                without pattern, print a list of main domains
    -r  --remove [pattern]      remove domains by pattern
    -R  --recursive [dirs]      replace subdirs of dirs with wildcards in rules
    -m  --manual                exiting from tomld for the second time switches
                                all old learning mode domains to enforcing mode
    -k  --keep                  don't change domain's mode for this session
                                (learning mode domains will stay so on exit)
        --mail [users]          send mail to users with recent deny logs
    -1  --once                  quit after first cycle
                                (might be useful for scripts)
        --yes                   auto confirm with yes

*executables are additional programs to create domains for

**these options can be used simultaneously with a running tomld daemon

Requirements: a Tomoyo-enabled kernel (v2.6.30 and above), tomoyo-tools (v2.2 and above), and booting the system with the "security=tomoyo" kernel parameter.
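
A preflight check for the kernel requirements above, as an added example that is not part of tomld or its documentation. The function names are made up for this sketch, the last security= token on the command line is assumed to be the effective one, and the tomoyo-tools version is not checked.

```shell
#!/bin/sh
# Added example, not shipped with tomld. All function names are hypothetical.

# Succeeds if the kernel command line in $1 selects TOMOYO.
# Assumption: if security= appears more than once, the last one applies.
cmdline_selects_tomoyo() {
    lsm=$(printf '%s\n' "$1" | tr ' \t' '\n\n' |
          sed -n 's/^security=//p' | tail -n 1)
    [ "$lsm" = "tomoyo" ]
}

# "3.2.0-4-amd64" -> 3002000, so releases compare as plain integers.
ver_to_num() {
    v=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')   # drop "-4-amd64" etc.
    IFS=. read -r a b c rest <<EOF
$v
EOF
    echo $(( ${a:-0} * 1000000 + ${b:-0} * 1000 + ${c:-0} ))
}

# Succeeds if kernel release $1 is at least version $2.
kernel_at_least() {
    [ "$(ver_to_num "$1")" -ge "$(ver_to_num "$2")" ]
}

# Run all checks against the live system; returns non-zero on any failure.
tomld_preflight() {
    rc=0
    kernel_at_least "$(uname -r)" 2.6.30 ||
        { echo "kernel $(uname -r) is older than 2.6.30" >&2; rc=1; }
    cmdline_selects_tomoyo "$(cat /proc/cmdline)" ||
        { echo "not booted with security=tomoyo" >&2; rc=1; }
    # TOMOYO 2.x exposes its policy interface under securityfs.
    [ -d /sys/kernel/security/tomoyo ] ||
        { echo "/sys/kernel/security/tomoyo missing" >&2; rc=1; }
    return "$rc"
}

# Only touch the live system when asked to: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    tomld_preflight
fi
```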


Installation


# get it from github
git clone git://github.com/log69/tomld
cd tomld
make && sudo make install

# get it from http
wget http://log69.com/downloads/tomld.tgz
tar xf tomld.tgz
cd tomld
make && sudo make install

# get it from http for debian
wget http://log69.com/downloads/tomld.tgz
tar xf tomld.tgz
cd tomld/dist_debian
sudo dpkg -i *.deb
sudo apt-get -f install

# get it from ppa for ubuntu
sudo add-apt-repository ppa:log69/tomld
sudo apt-get update
sudo apt-get install tomld



License

GPLv3+ (full copy)

Download

version: 0.77
date: 23/12/2011
download changelog git repo

sources:
tomld_0.77.tar.gz
tomld_0.76.tar.gz
tomld_0.75.tar.gz
tomld_0.74.tar.gz
SHA1SUMS_tomld
SHA1SUMS_tomld.asc (sign)

(debian packages can be found in tomld.tgz within dist_debian dir)


Please consider supporting with donation. Thank You!