SELinux Overview Dan Walsh SELinux for Dummies Dan Walsh

Presentation transcript:

SELinux for Dummies: SELinux Overview
Dan Walsh, SELinux Lead Engineer, Red Hat
dwalsh@redhat.com

What is SELinux?
- Mandatory Access Control (MAC)
  - Current systems use DAC (Discretionary Access Control)
  - Ability to confine applications based on least privilege
  - Define rules about how an application is supposed to run
  - Enforcement by the kernel
- MAC history: defined in the 1970s
  - Bell and LaPadula
  - Role-Based Access Control
  - Type Enforcement

What is SELinux? Type Enforcement
- Define policy on what an application is supposed to do
- Enforce it with the kernel
- Least privilege
- Access based on subjects and objects
- Every process, file, directory and device is labeled with a security context
  - Process labels: domains
  - File labels: file context

Developed by the NSA
- NSA's OS security research
- Cleanly separates policy from enforcement using well-defined policy interfaces
- Fine-grained controls over kernel services
- Transparent to applications and users
- Removes power of root; several machines running root as guest account

Where should you run SELinux?
[Diagram: corporate network with Internet, intranet and DMZ zones; Red Hat Enterprise Linux AS, ES and WS hosts providing DNS, Web, FTP, NFS, NIS, firewall, VPN, database, CRM and ERP services, plus an app server farm.]

SELinux History at Red Hat
- Introduced with Fedora 2
  - Excellent example of Open Source principles
  - First policy, "Strict", not very supportable
  - Not ready for prime time
- Redesigned for Fedora 3
  - Targeted policy
  - Target domains we want to confine
  - Allow other domains to run "unconfined"

SELinux History at Red Hat
- Red Hat Enterprise Linux 4
  - First mainline operating system with Type Enforcement
  - 15 targets confined (apache, bind, syslog, dhcpd, ...)
- Fedora 4, 5, 6
  - Redesigned SELinux policy to support modules
  - Expand number of targets
  - Lock down all of system space
  - Improved usability: GUI, audit2allow, policy generation

SELinux History at Red Hat
- Red Hat Enterprise Linux 5
  - Over 200 domains locked down
  - MLS policy
  - EAL4+, LSPP, RBAC
  - Easy policy generation
  - Labeled networking support: CIPSO, IPSEC

SELinux History at Red Hat
- Fedora 9
  - Introduction of X Windows controls
  - Permissive domain
  - Confinement of users: guest_t, xguest_t, user_t, staff_t, unconfined_t

SELinux History at Red Hat
- Fedora 7, 8
  - Begin confining the user
  - Introduction of guest and xguest users
  - Combine targeted/strict policy
  - Policy generation tools

Easier - Troubleshooting
What the H**L is going on????

    tail /var/log/audit/audit.log
    type=AVC msg=audit(1176392795.244:2036): avc: denied { getattr } for pid=6705 comm="httpd" name="index.html" dev=dm-0 ino=3180003 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
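The AVC denial on this slide can be read field by field: which domain asked for which permission on an object carrying which label. The parser below is an added example, not part of the original slides; the function names are hypothetical and the sample input is the record quoted above.

```python
import re

# Sample record: the AVC denial quoted on the troubleshooting slide.
SAMPLE = ('type=AVC msg=audit(1176392795.244:2036): avc: denied { getattr } '
          'for pid=6705 comm="httpd" name="index.html" dev=dm-0 ino=3180003 '
          'scontext=user_u:system_r:httpd_t:s0 '
          'tcontext=system_u:object_r:user_home_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain colons."""
    parts = ctx.split(':', 3)
    if len(parts) < 3:
        raise ValueError('not a security context: %r' % ctx)
    return dict(zip(('user', 'role', 'type', 'level'), parts))

def parse_avc(line):
    """Return a dict describing one AVC record, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    if 'scontext' not in fields or 'tcontext' not in fields:
        return None
    return {
        'result': m.group(1),
        'perms': m.group(2).split(),      # one record may list several
        'comm': fields.get('comm'),
        'name': fields.get('name'),
        'tclass': fields.get('tclass'),
        'source': split_context(fields['scontext']),  # the process (domain)
        'target': split_context(fields['tcontext']),  # the object's label
    }

def explain(rec):
    """One-line reading: which domain was refused what on which label."""
    return '%s (%s) %s { %s } on %s "%s" labeled %s' % (
        rec['comm'], rec['source']['type'], rec['result'],
        ' '.join(rec['perms']), rec['tclass'], rec['name'],
        rec['target']['type'])

if __name__ == '__main__':
    print(explain(parse_avc(SAMPLE)))
```

Read this way, the record says that httpd, running in httpd_t, was refused getattr on index.html because the file carries the home-directory type user_home_t.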

Easier Management

Easier Policy Generation

How does SELinux enforce policy?
- Every process and file is tagged with a security context
- Files are tagged via extended attributes
- A new file's context is assigned via policy
  - New files get the containing directory's security context
  - Policy can override: files created in /var/log by named_t get named_log_t
- Certain applications, such as login, are allowed by policy to set the context of the next executed program
- Kernel assigns context to processes via policy

SELinux Key Components: Kernel
- Patch implementing security hooks
- Uses Linux Security Module (LSM) framework for security enhancements to Linux

SELinux Key Components: Applications
- Most user applications and server applications unchanged
- SELinux-aware applications
  - Applications used to view or manipulate security contexts
  - Programs required to set user session security context
  - Examples: login/sshd, ls, cp, ps, setfilecon, logrotate, cron ...
- Covered in Section 2

SELinux Key Components: Policy
- Targeted policy
  - By default processes run in unconfined_t
  - Unconfined processes have the same access they would have without SELinux running
  - Daemons with defined policy transition to locked-down domains
  - httpd started from initrc_t transitions to httpd_t, which has limited access
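The two labeling decisions described in the slides, a new file's type (named_t writing in /var/log) and a daemon's domain after exec (initrc_t starting httpd), follow the same pattern: a type_transition rule if one matches, otherwise the default. The model below is an added example, not code from the presentation or from SELinux itself. The policy excerpt is constructed, and var_log_t, httpd_exec_t and bin_t are assumed type names that do not appear in the slides.

```python
import re

# Constructed policy excerpt in SELinux policy-language syntax. named_t,
# named_log_t, initrc_t and httpd_t come from the slides; var_log_t and
# httpd_exec_t are assumed names for the /var/log directory type and the
# httpd executable type.
POLICY = """
type_transition named_t var_log_t:file named_log_t;
type_transition initrc_t httpd_exec_t:process httpd_t;
"""

RULE_RE = re.compile(
    r'^\s*type_transition\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\w+)\s*;', re.M)

def load_rules(text):
    """Map (source type, target type, class) -> resulting type."""
    return {(s, t, c): new for s, t, c, new in RULE_RE.findall(text)}

def new_file_type(rules, domain, dir_type, tclass='file'):
    """Type given to an object created by `domain` inside a directory
    labeled `dir_type`: the policy rule if one matches, otherwise the
    containing directory's type."""
    return rules.get((domain, dir_type, tclass), dir_type)

def domain_after_exec(rules, domain, exec_type):
    """Domain of a process after it executes a file labeled `exec_type`:
    the policy rule if one matches, otherwise the caller's own domain."""
    return rules.get((domain, exec_type, 'process'), domain)

RULES = load_rules(POLICY)

if __name__ == '__main__':
    # named creates a log file: policy overrides the directory default.
    print(new_file_type(RULES, 'named_t', 'var_log_t'))
    # Any other domain writing there inherits the directory's type.
    print(new_file_type(RULES, 'httpd_t', 'var_log_t'))
    # The init script starts httpd: the daemon lands in its confined domain.
    print(domain_after_exec(RULES, 'initrc_t', 'httpd_exec_t'))
    # No rule for this pair (bin_t is an assumed type): the domain is unchanged.
    print(domain_after_exec(RULES, 'unconfined_t', 'bin_t'))
```

The model only computes the resulting label; in a real policy the transition must also be permitted by allow rules before the kernel will perform it.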

SELinux Key Components

Open Source in Action

Ultra Trusted Standards
- Controlled Access Protection Profile: EAL4/CAPP
- Labeled Security Protection Profile: EAL4+/LSPP
- Multi Level Security (MLS)
- SELinux is the only mainstream OS in the world with MLS AND Type Enforcement.
- SELinux used all over Department of Defense including War Zones.
- Unlike all other Trusted OS's, SELinux == Red Hat Enterprise Linux