<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link title="new" rel="stylesheet" href="http://www.gentoo.org/../css/main.css" type="text/css">
<link REL="shortcut icon" HREF="http://www.gentoo.org/../favicon.ico" TYPE="image/x-icon">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
<title>Gentoo Linux Documentation
--
  Rule Set Based Access Control (RSBAC) for Linux - Quickstart</title>
</head>
<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/../images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
<td width="99%" class="content" valign="top" align="left">
<br><h1>Rule Set Based Access Control (RSBAC) for Linux - Quickstart</h1>
<form name="contents" action="http://www.gentoo.org">
<b>Content</b>:
        <select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. Introduction</option>
<option value="#doc_chap2">2. Installation of the RSBAC enabled kernel</option>
<option value="#doc_chap3">3. Installation of the RSBAC admin utilities</option>
<option value="#doc_chap4">4. First boot</option>
<option value="#doc_chap5">5. Learning mode and the AUTH module</option>
<option value="#doc_chap6">6. Further information</option></select>
</form>
<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
            </span>Introduction</p>
<p> This guide will help you install RSBAC on
Gentoo Linux. It assumes that you have already read
the <a href="intro.xml">Introduction</a> and the <a href="overview.xml">Overview</a>, so that you know what
RSBAC is and understand its main concepts.  </p>
<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
            </span>Installation of the RSBAC enabled kernel</p>
<p class="secthead"><a name="doc_chap2_sect1">Emerging the RSBAC kernel</a></p>
<p> This step is straightforward, thanks to the way Gentoo
handles kernel installations. Start by emerging the rsbac-sources
kernel from Portage.  </p>
<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b> Two rsbac-sources kernels are available:
one for the 2.4 kernel branch, the other for the newer 2.6 kernel branch.
</p></td></tr></table>
<a name="doc_chap2_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.1: RSBAC kernel installation (using the default profile and 2.6 kernel)</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
# <span class="code-input">emerge rsbac-sources</span>
</pre></td></tr>
</table>
<a name="doc_chap2_pre2"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.2: RSBAC kernel installation (using the 2.4 kernel, since Gentoo profile 2005.0)</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
# <span class="code-input">rm /etc/make.profile</span>
# <span class="code-input">ln -s /usr/portage/profiles/default-linux/x86/2005.0/2.4/ /etc/make.profile</span>
# <span class="code-input">echo "sys-kernel/hardened-sources rsbac" &gt;&gt; /etc/portage/package.use</span>
# <span class="code-input">emerge hardened-sources</span>
</pre></td></tr>
</table>
<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#ffffbb"><p class="note"><b>Important: </b> It is advised to enable softmode on your first RSBAC kernel. It
allows you to turn off RSBAC enforcement with a single reboot, for testing
or in case something goes wrong. Only turn softmode off once you are sure of
what you are doing or, of course, for a production kernel.  </p></td></tr></table>
<p class="secthead"><a name="doc_chap2_sect2">Configuring the RSBAC kernel</a></p>
<p> We will now configure the kernel. It is recommended that you
enable the following options, in the "Rule Set Based Access Control
(RSBAC)" category: </p>
<a name="doc_chap2_pre3"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.3: Configuring and compiling the RSBAC kernel</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
<span class="code-comment">Under "General RSBAC options"</span>
[*] RSBAC proc support
[*] Check on init
[*] Support transactions
[*]   Randomize transaction numbers
[*] RSBAC debugging support
(400) RSBAC default security officer user ID

<span class="code-comment">Under "User management"</span>
[*] User management
<span class="code-comment">Be sure to enable SHA1 in the Crypto API
Under "Cryptographic options" of the general kernel configuration, tick
[*]   SHA1 digest algorithm
</span>
[*]     Use Crypto API Digest SHA1 (NEW)

<span class="code-comment">Under "RSBAC networking options"</span>
[*] RSBAC network support
[*]     Net device control
[ ]         Treat virtual devices as individuals
[*]         Individual network device logging
[*]     Net object control (sockets)
[*]         Control UNIX address family
[*] Also intercept network object read and write
[*]         Individual network object logging

<span class="code-comment">(Do not turn on "RSBAC Maintenance Kernel", use softmode instead)</span>

<span class="code-comment">Under "Decision module (policy) options"</span>
[*] Support for Registration of decision modules (REG)
[*]     Build REG sample modules
----------------------------
[*] RSBAC support for DAZuko policy <span class="code-comment">(For malware/antivirus scanning)</span>
DAZ Policy Options  ---&gt;
     (604800)     Scanning result lifetime in seconds

<span class="code-comment">For each policy/module you support, you should also check its protection for the AUTH module
and the User Management module</span>
[*] RSBAC support for FF policy
[*] RSBAC support for RC policy
[*] RSBAC support for AUTH policy
<span class="code-comment">Please turn the learning option off on production kernels. It is only used while setting up your RSBAC system.</span>
AUTH Policy Options  ---&gt;
    [*]   AUTH learning mode support 
[*] RSBAC support for ACL policy
[*] RSBAC support for Linux Caps (CAP) policy
[*] RSBAC support for JAIL policy
[*] RSBAC support for PAX policy
[*] RSBAC support for System Resources (RES) policy

<span class="code-comment">Under "Softmode and switching"</span>
[ ] RSBAC policies switchable
[*] RSBAC soft mode <span class="code-comment">(Turn that off on production kernels)</span>
[*]     Individual module softmode support

<span class="code-comment">Under "Logging": all except "Log to remote UDP network socket",
unless you want to log to a remote machine</span>

<span class="code-comment">Under "RSBAC symlink redirection"</span>
[*]   RSBAC symlink redirection
[*]     Add remote IP address
[*]       Add user ID number
[*]       Add RC role number

<span class="code-comment">Under "Other RSBAC options"</span>
[*] Intercept sys_read and sys_write
[*] Intercept Semaphore IPC operations
[*] Control DAC process owner (seteuid, setfsuid)
[*] Hide processes in /proc
[*] Support freezing of RSBAC configuration
[*] RSBAC check sys_syslog
</pre></td></tr>
</table>
<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b> If you plan to run an X Window server (such as X.org or XFree86),
please also enable <span class="code" dir="ltr">"[*] X support (normal user MODIFY_PERM access
to ST_ioports)"</span>.
Please also see <a href="hardenedxorg.html">Using Xorg on Hardened Gentoo</a>.</p></td></tr></table>
<p> We will now configure PaX, which complements the RSBAC hardened
kernel. It is also recommended that you enable the following options
in the "Security options ---&gt; PaX" section.  </p>
<a name="doc_chap2_pre4"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.4: Configuring PaX kernel options</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
[*] Enable various PaX features
PaX Control  ---&gt;
    [*] Support soft mode <span class="code-comment">(Turn that option off on a production kernel)</span>
    [ ] Use legacy ELF header marking
    [ ] Use ELF program header marking
        Use ELF program header marking MAC system integration (direct)  ---&gt;
        (X) hook

Non-executable pages  ---&gt;
    [*] Enforce non-executable pages (NEW)
    [*]   Paging based non-executable pages
<span class="code-comment">(You usually want to select the PAGEEXEC method on x86 with newer PaX versions;
revert to SEGMEXEC if you are having issues)</span>
    [*]   Segmentation based non-executable pages (NEW)
    [*] Restrict mprotect()
    [ ]   Disallow ELF text relocations <span class="code-comment">(This option breaks too many applications as of now)</span>

Address Space Layout Randomization  ---&gt;
    [*] Address Space Layout Randomization
    [*]   Randomize user stack base
    [*]   Randomize mmap() base
</pre></td></tr>
</table>
<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b> You should refer to the <a href="http://pax.grsecurity.net">PaX</a> website for more information
about PaX.  </p></td></tr></table>
<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b> With your RSBAC kernel, you must use the RSBAC admin utilities
to manage PaX instead of chpax or paxctl.
You will be able to move to the PaX item and set the usual PaX flags.
</p></td></tr></table>
<a name="doc_chap2_pre5"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.5: Managing PaX flags</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
	# <span class="code-input">rsbac_fd_menu /path/to/the/target/item</span>
	or
	# <span class="code-input">attr_set_file_dir FILE /path/to/the/target/item pax_flags [pmerxs]</span>
</pre></td></tr>
</table>
<p> Configure the remaining options as you would for a normal kernel,
then compile and install the kernel as usual.  </p>
<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#ffffbb"><p class="note"><b>Important: </b> It is strongly suggested that you build a second kernel, without
the softmode options and without the AUTH option, for use in
a production environment. Only do that once you have finished testing and
setting up policies, as it will remove the possibility of switching off
the access control system.  </p></td></tr></table>
<p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3.
            </span>Installation of the RSBAC admin utilities</p>
<p> In order to administer your RSBAC enabled Gentoo, some userspace
utilities are required. They are included in the rsbac-admin package,
which needs to be installed.  </p>
<a name="doc_chap3_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing3.1: Installing the RSBAC admin utilities</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
# <span class="code-input">emerge rsbac-admin</span>
</pre></td></tr>
</table>
<p> Once emerged, the package will have created a new user account on your
system (secoff, with uid 400). This user will become the security administrator
during the first boot. It is the only user who is able to change the
RSBAC configuration, and is commonly called the Security Officer.
</p>
<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#ffffbb"><p class="note"><b>Important: </b> Please set up a <span class="emphasis">secure</span> password for the secoff user.
</p></td></tr></table>
<a name="doc_chap3_pre2"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing3.2: Setting up a password for the Security Officer</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
# <span class="code-input">passwd secoff</span>
</pre></td></tr>
</table>
<p class="chaphead"><a name="doc_chap4"></a><span class="chapnum">4.
            </span>First boot</p>
<p> At the first boot, logging in to the system won't be possible, due to the
AUTH module <span class="emphasis">restricting</span> the programs' privileges. To overcome this
problem, please boot into softmode using the following kernel parameter
(in your lilo or grub configuration): </p>
<a name="doc_chap4_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing4.1: Softmode kernel parameter</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre> <span class="code-input">rsbac_softmode</span> </pre></td></tr>
</table>
<p> The login application manages user logins on the system. It
needs the right to setuid, which we will now give: </p>
<p> Log in as the
Security Officer (secoff) and allow logins to be made by entering the
following command: </p>
<a name="doc_chap4_pre2"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing4.2: Allowing users to login</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
	# <span class="code-input">rsbac_fd_menu /bin/login</span>
	or
	# <span class="code-input">attr_set_fd AUTH FILE auth_may_setuid 1 /bin/login</span>
</pre></td></tr>
</table>
<p> As an alternative, if softmode isn't enabled, you can also use the
following kernel parameter in order to allow login at boot time: </p>
<a name="doc_chap4_pre3"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing4.3: Allowing users to login with a kernel parameter</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
<span class="code-input">rsbac_auth_enable_login</span>
</pre></td></tr>
</table>
<p class="chaphead"><a name="doc_chap5"></a><span class="chapnum">5.
            </span>Learning mode and the AUTH module</p>
<p class="secthead"><a name="doc_chap5_sect1">Creating a policy for OpenSSH</a></p>
<p> Because there is almost no policy made yet (except the one generated
during the first boot), the AUTH module does not allow uid changes.
</p>
<p> Thanks to the intelligent learning mode, there is an easy way to
alleviate this new problem: the AUTH module can automagically generate the
necessary policy by watching services while they start up and noting the
uids they are trying to switch to. For example, to teach the AUTH module
about the uids needed by sshd (OpenSSH daemon), do the following: </p>
<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#ffffbb"><p class="note"><b>Important: </b>Make sure that sshd, or whichever daemon you will use the learning mode with, isn't already running before you enable learning mode.</p></td></tr></table>
<a name="doc_chap5_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing5.1: Making a policy for sshd, using the learning mode</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
<span class="code-comment">Enable the learning mode for sshd</span>
# <span class="code-input">attr_set_file_dir AUTH FILE `which sshd` auth_learn 1</span>

<span class="code-comment">Start the service</span>
# <span class="code-input">/etc/init.d/sshd start</span>

<span class="code-comment">Disable the learning mode</span>
# <span class="code-input">attr_set_file_dir AUTH FILE `which sshd` auth_learn 0</span>
</pre></td></tr>
</table>
<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b> One should also log in to the system before switching the learning
mode off, because sshd will also attempt to change its uids when the
user logs in.  </p></td></tr></table>
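<p> The sequence above leaves learning mode switched on if the service fails to start or the session is interrupted. The following wrapper is an added example, not part of the original guide: it runs the same commands and switches learning off on every exit path. <span class="code" dir="ltr">RSBAC_RUN</span> is a hypothetical dry-run hook and the sshd path in the demonstration call is constructed. </p>

```shell
#!/bin/sh
# Added example, not part of the Gentoo guide: run a daemon's first start
# under per-binary AUTH learning and switch learning off again on every
# exit path. RSBAC_RUN is a hypothetical hook for dry runs and tests: when
# set, each command line is handed to it instead of being executed directly.
# Stop the daemon before calling this; the function does not check for it.

# $1 = daemon binary, remaining arguments = command that starts the daemon.
# Exit status: 0 ok, 1 start command failed, 2 learning could not be enabled.
auth_learn_session() (
    bin=$1; shift
    run() { ${RSBAC_RUN:-} "$@"; }
    learn_off() { run attr_set_file_dir AUTH FILE "$bin" auth_learn 0; }

    run attr_set_file_dir AUTH FILE "$bin" auth_learn 1 || exit 2

    # From here on, leaving this subshell for any reason disables learning.
    trap learn_off EXIT
    trap 'exit 130' INT TERM

    run "$@" || exit 1

    # The daemon changes uid again when a user logs in, so learning stays on
    # until the operator confirms a test login (skipped when stdin is no tty).
    if [ -t 0 ]; then
        printf 'Log in through the service once, then press Enter: ' >&2
        read -r reply
    fi
    exit 0
)

# Dry run with a constructed binary path: prints the three commands in order.
# Real use: auth_learn_session "$(which sshd)" /etc/init.d/sshd start
RSBAC_RUN=echo auth_learn_session /usr/sbin/sshd /etc/init.d/sshd start </dev/null
```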
<p> Now sshd should be working as expected again, <span class="emphasis">congratulations</span>,
you made your first policy :) The same procedure can be used on every
other daemon you will need.  </p>
<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b> As an alternative to enabling the learning mode for each daemon
or application you will need, you might want to enable the global
learning mode (which, as its name suggests, will learn about everything
running, globally).  </p></td></tr></table>
<p> You can enable the global learning mode by passing this kernel
parameter at boot time: </p>
<a name="doc_chap5_pre2"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing5.2: Enabling the global learning mode</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
<span class="code-input">rsbac_auth_learn</span>
</pre></td></tr>
</table>
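<p> All three boot parameters used in this guide (rsbac_softmode, rsbac_auth_enable_login and rsbac_auth_learn) are setup aids that should not remain in a production boot entry. The following check is an added example, not part of the original guide: it scans boot loader configuration text for them. The sample configuration and kernel path are constructed. </p>

```shell
#!/bin/sh
# Added example, not part of the Gentoo guide: report RSBAC setup-time boot
# parameters that are still configured. The three parameter names come from
# this guide; the sample configuration at the bottom is constructed.

# Print one finding per line for the kernel command line in $1.
# Exit status 0 = clean, 1 = at least one setup-time parameter present.
rsbac_cmdline_findings() (
    set -f                      # no globbing while $1 is split into words
    rc=0
    for tok in $1; do
        # Whole-token match: "rsbac_softmode_x" is not reported as a hit.
        case $tok in
            rsbac_softmode)
                echo "rsbac_softmode: RSBAC enforcement is switched off"
                rc=1 ;;
            rsbac_auth_enable_login)
                echo "rsbac_auth_enable_login: login is allowed by boot parameter, not by an auth_may_setuid attribute"
                rc=1 ;;
            rsbac_auth_learn)
                echo "rsbac_auth_learn: global AUTH learning mode is on"
                rc=1 ;;
        esac
    done
    exit "$rc"
)

# Audit boot loader configuration text on stdin. Understands GRUB
# "kernel ..." / "linux ..." lines and LILO append="..." lines; comments,
# titles and blank lines are skipped.
# Prints "line N: finding"; exit status 1 if any entry has a finding.
rsbac_bootcfg_audit() (
    set -f
    n=0 rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=$(printf '%s' "$line" | tr -d '"')
        set -- $line
        case ${1-} in
            kernel|linux) shift; args=$* ;;
            append=*)     first=${1#append=}; shift; args="$first $*" ;;
            *)            continue ;;
        esac
        if ! out=$(rsbac_cmdline_findings "$args"); then
            rc=1
            printf '%s\n' "$out" | sed "s/^/line $n: /"
        fi
    done
    exit "$rc"
)

# Constructed sample: one setup entry, one production entry, one comment.
sample_cfg='title Gentoo RSBAC (setup)
kernel /boot/kernel-rsbac root=/dev/sda3 rsbac_softmode rsbac_auth_learn
title Gentoo RSBAC (production)
kernel /boot/kernel-rsbac root=/dev/sda3
# kernel /boot/kernel-rsbac root=/dev/sda3 rsbac_softmode'

printf '%s\n' "$sample_cfg" | rsbac_bootcfg_audit ||
    echo "setup-time RSBAC parameters are still configured"
```

<p> To check the running system instead of a configuration file, pass the contents of <span class="code" dir="ltr">/proc/cmdline</span> to <span class="code" dir="ltr">rsbac_cmdline_findings</span>. </p>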
<p class="chaphead"><a name="doc_chap6"></a><span class="chapnum">6.
            </span>Further information</p>
<p> It is also strongly suggested that you subscribe to the <a href="http://www.gentoo.org/main/en/lists.xml">gentoo-hardened
mailing-list</a>. It is generally a low traffic list,
and RSBAC announcements for Gentoo will be available
there. We also recommend that you subscribe to the <a href="http://rsbac.org/mailman/listinfo/rsbac/">RSBAC mailing-list</a>.
Please also check the <a href="hardenedfaq.html">hardened FAQ</a>, as your questions might already be covered there.
</p>
<table class="ntable"> <tr>
  <td class="tableinfo">Links:</td>
  <td class="tableinfo"><a href="http://www.rsbac.org">RSBAC Official site</a></td>
</tr> <tr>
  <td class="tableinfo">IRC channels:</td> <td class="tableinfo"><a href="irc://irc.freenode.org/gentoo-hardened">#gentoo-hardened</a></td>
  <td class="tableinfo"><a href="irc://irc.freenode.org/rsbac">#rsbac</a></td>
</tr> </table>
<br><p class="copyright">
	The contents of this document, unless otherwise expressly stated, are licensed under the <a href="http://creativecommons.org/licenses/by-sa/2.5">CC-BY-SA-2.5</a> license. The <a href="http://www.gentoo.org/main/en/name-logo.xml"> Gentoo Name and Logo Usage Guidelines </a> apply.
  </p>
<!--
  <rdf:RDF xmlns="http://web.resource.org/cc/"
      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
     <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
     <permits rdf:resource="http://web.resource.org/cc/Distribution" />
     <requires rdf:resource="http://web.resource.org/cc/Notice" />
     <requires rdf:resource="http://web.resource.org/cc/Attribution" />
     <permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
     <requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
  </License>
  </rdf:RDF>
--><br>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
<tr><td class="topsep" align="center"><p class="alttext">Updated November 27, 2010</p></td></tr>
<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>This document will guide you through the installation of
RSBAC on Gentoo Linux</p></td></tr>
<tr><td align="left" class="topsep"><p class="alttext">
  <a href="mailto:albeiro@gentoo.pl" class="altlink"><b>Michal Purzynski</b></a>
<br><i>Author</i><br><br>
  <a href="mailto:kang@insecure.ws" class="altlink"><b>Guillaume Destuynder</b></a>
<br><i>Editor</i><br></p></td></tr>
</table></td>
</tr></table></td></tr>
<tr><td colspan="2" align="right" class="infohead">
Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
</td></tr>
</table></body>
</html>