Whenever a new technology is implemented, a planning phase is recommended. During the planning stages, an administrator should consider the implementation requirements and the implementation goals.
For MAC installations, these include:
How to classify information and resources available on the target systems.
Which information or resources to restrict access to along with the type of restrictions that should be applied.
Which MAC module or modules will be required to achieve this goal.
Good planning helps to ensure a trouble-free and efficient trusted system implementation. A trial run of the trusted system and its configuration should occur before a MAC implementation is used on production systems. The idea of just letting loose on a system with MAC is like setting up for failure.
Different environments have different needs and requirements. Establishing an in depth and complete security profile will decrease the need of changes once the system goes live. The rest of this chapter covers the available modules, describes their use and configuration, and in some cases, provides insight on applicable situations. For instance, a web server might use the mac_biba(4) and mac_bsdextended(4) policies. In the case of a machine with few local users, mac_partition(4) might be a good choice.