SELinux (Security Enhanced Linux)

Slides:



Advertisements
Similar presentations
METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.
Advertisements

JENNIS SHRESTHA CSC 345 April 22, Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Chapter One The Essence of UNIX.
SELinux (Security Enhanced Linux) By: Corey McClurg.
Security-Enhanced Linux Joseph A LaConte CS 522 December 8, 2004.
Shane Jahnke CS591 December 7,  What is SELinux?  Changing SELinux Policies  What is SLIDE?  Reference Policy  SLIDE  Installation and Configuration.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
SELinux. 2SELinux Wikipedia says: Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM)
ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.
Hands-On Microsoft Windows Server 2008 Chapter 5 Configuring, Managing, and Troubleshooting Resource Access.
Secure Operating Systems
SELinux US/Fedora/13/html/Security-Enhanced_Linux/
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access.
Linux kernel security Professor: Mahmood Ranjbar Authors: mohammad Heydari Mahmood ZafarArjmand Zohre Alihoseyni Maryam Sabaghi.
Security Enhanced Linux David Quigley. History SELinux Timeline 1985:LOCK (early Type Enforcement) 1990: DTMach / DTOS 1995: Utah Fluke / Flask 1999:
Information Assurance Research Group 1 NSA Security-Enhanced Linux (SELinux) Grant M. Wagner Information Assurance.
FOSS Security through SELinux (Security Enhanced Linux) M.B.G. Suranga De Silva Information Security Specialist TECHCERT c/o Department of Computer Science.
Module 9 Configuring Messaging Policy and Compliance.
1 Implementation of Security-Enhanced Linux Yue Cui Xiang Sha Li Song CMSC 691X Project 2—Summer 02.
September 18, 2002 Windows 2000 Server Active Directory By Jerry Haggard.
Using the Flask Security Architecture to Facilitate Risk Adaptable Access Control March 31 Younsik Jeong Ph.D. Student.
Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation.
Chapter 7 Securing Commercial Operating Systems. Chapter Overview Retrofitting Security into a Commercial OS History of Retrofitting Commercial OS's Commercial.
Chapter 10: Rights, User, and Group Administration.
Security Planning and Administrative Delegation Lesson 6.
Module 8 : Configuration II Jong S. Bok
Fall 2011 Nassau Community College ITE153 – Operating Systems Session 21 Administering User Accounts and Groups 1.
SELinux. The need for secure OS Increasing risk to valuable information Dependence on OS protection mechanisms Inadequacy of mainstream operating systems.
Chapter 4- Part3. 2 Implementing User Profiles A local user profile is automatically created at the local computer when you log on with an account for.
Trusted Operating Systems
The SELinux of First Look. Prologue After many discussions with a lot of Linux users, I’ve come to realize that most of them seem to disable SELinux rather.
Privilege Management Chapter 22.
Security-Enhanced Linux Eric Harney CPSC 481. What is SELinux? ● Developed by NSA – Released in 2000 ● Adds additional security capabilities to Linux.
5/7/2007CoreMcClug/SELinux 1 By: Corey McClurg. Outline A History of SELinux What is SELinux and how do I get it? Getting Started Mandatory Access Control.
Lecture 3 Page 1 CS 236 Online Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK
Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.
SELinux Overview Dan Walsh SELinux for Dummies Dan Walsh
SELinux Overview DAC vs MAC Discretionary Access Control Mandatory
Secure Operating System
Access Control Model SAM-5.
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Linux Security Presenter: Dolev Farhi |
HTCondor Security Basics
Chapter 14: System Protection
Secure Operating System Example: SELinux
Demystifying SELinux: WTF is it saying?
Active Directory Administration
GLAST Release Manager Automated code compilation via the Release Manager Navid Golpayegani, GSFC/SSAI Overview The Release Manager is a program responsible.
SELinux in 20 Minutes LCA Miniconf Jan. 28th, Canberra AU
Template library tool and Kestrel training
Lesson #8 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 8 Configuring Applications and Internet Explorer.
Permission and CHMOD.
Lesson 16-Windows NT Security Issues
An Overview Rick Anderson Pat Demko
Configuring Internet-related services
OPS235: Week 1 Installing Linux (Lab1: Investigations 4 - )
Operating System Security
BACHELOR’S THESIS DEFENSE
BACHELOR’S THESIS DEFENSE
NSA Security-Enhanced Linux (SELinux)
Designing IIS Security (IIS – Internet Information Service)
Web Servers (IIS and Apache)
David Cleverly – Development Lead
Mandatory Access Control and the Real World
Presentation transcript:

SELinux (Security Enhanced Linux) By: Corey McClurg 12/1/2018 Corey McClurg SELinux

Outline What is SELinux and how do I get it? A History of SELinux Getting Started Mandatory Access Control (MAC) Using Type Enforcement to provide access Control Creating rules with example Roles (RBAC) Limiting CGI Scripts Conclusion 12/1/2018 Corey McClurg SELinux

A Brief History Originally started by the Information Assurance Research Group of the NSA, working with Secure Computing Corporation. Based on a strong, flexible mandatory access control architecture with Type Enforcement, a mechanism first developed for the LOCK system 12/1/2018 Corey McClurg SELinux

History cont. Originally started as two prototypes: DTMach and DTOS which were eventually transferred over to the Fluke research operating system Eventually the architecture was enhanced and renamed Flask. The NSA has now integrated the Flask architecture with Linux (SELinux) 12/1/2018 Corey McClurg SELinux

What is the Idea behind SELinux? An example of how mandatory access controls can be added into Linux (Confining the actions of a process, including a superuser (root) process) Implemente security mechanisms in the system that provide flexible support for a wide range of security policies. Make it possible to configure the system to meet a wide range of security requirements. Documentation and source code is provided. 12/1/2018 Corey McClurg SELinux

How do I get SELinux? It comes as an installation option when you install a number of Linux distributions. The latest release is also available from the NSA website http://www.nsa.gov/selinux/code/download-stable.cfm for download, along with documentation, all of the different libraries and the policy compiler. 12/1/2018 Corey McClurg SELinux

How do I get started? The release includes a general-purpose security policy configuration designed to meet a number of security objectives, this can be used as an example to go off of. Due to the flexibility of the system, the security policy can be modified and extended to customize for any given installation. 12/1/2018 Corey McClurg SELinux

Mandatory Access Control (MAC) A means of restricting access to objects based on the sensitivity of the information contained in the objects and whether they are authorized to access information of such sensitivity Authorization is based on prerequisites being met, resulting in an individual gaining access Enables the ability to deny users full control over the access to resources that they create access control is based on the compatibility of the security properties of the data and the clearance properties of the individual 12/1/2018 Corey McClurg SELinux

Type Enforcement In order to grant access to something, an allow rule must be created, such as: allow user_t bin_t : file {read execute getattr}; This means a process with a domain type of user_t can read, execute, or get attributes for a file object with a type of bin_t, there is no significance in the “_t” portion. This rule might be in a policy to allow users to execute shell programs such as the bash shell (/bin/bash). 12/1/2018 Corey McClurg SELinux

Using Type Enforcement 3 Necessary things for a domain transition to occur: 1. The process' new domain type has entrypoint access to an executable file type. 2. The process' current (or old) domain type has execute access to the entry point file type. 3. The process' current domain type has transition access to the new domain type. 12/1/2018 Corey McClurg SELinux

Example Execute the command “ls -Z /usr/bin/passwd” This will produce the output: -r-s—x—x root root system_u:object_r:passwd_exec_t /usr/bin/passwd Using this provided information, we can then create TE rules to have a domain transition. Three rules are required to give the user the ability to do a domain transition to the password file: allow user_t passwd_exec_t : file {getattr execute}; Lets user_t execute an execve() system call on passwd_exec_t allow passwd_t passwd_exec_t : file entrypoint; This rule provides entrypoint access to the passwd_t domain, entrypoint defines which executable files can “enter” a domain. allow user_t passwd_t : process transition; The original type (user_t) must have transition permission to the new type (passwd_t) for the domain transition to be allowed. 12/1/2018 Corey McClurg SELinux

Example cont. This isn't very useful by itself since the user would have to specifically say that they want a domain transition. This is where type transition rules are used. To create a domain transition by default the following rule is created: type_transition user_t passwd_exec_t : process passwd_t; The type_transition rule indicates that by default on an execve() system call, if the calling process' domain type is user_t and the executable file's type is passwd_exec_t a domain transition to a new domain type (passwd_t) will be attempted A type_transition rule causes a domain transition to be attempted by default, but it does not allow it, that's why the other 3 rules had to be created 12/1/2018 Corey McClurg SELinux

Example cont. What does this example accomplish? It makes it so that the current user can change the password in the shadow(encrypted password) file, without these rules, this would not be possible even for the root user. The user isn't able to access the file directly though, they must access it through the passwd file to restrict what they are allowed to do. 12/1/2018 Corey McClurg SELinux

Another Option: In addition to Type Enforcement, SELinux also provides a form of role-based access control (RBAC). Roles build on type enforcement to limit the types to which a process may transition. Roles are based on the role identifier in the process' security context. Using roles is a way to be even more specific about what access rights are given. 12/1/2018 Corey McClurg SELinux

Limiting CGI scripts with SELinux There are types already defined in SELinux with different rights given to them. httpd_sys_script_ro_t A CGI script may only read files and directories with this type. Setting all cgi scripts to this other than index.cgi will make it so only index.cgi can do more than read files and directories httpd_sys_script_exec_t index.cgi must be set to this since httpd cannot execute any other types. httpd_sys_script_rw_t If a cgi script needs to be able to write, say to a database, then it will need this right (read/write access) 12/1/2018 Corey McClurg SELinux

CGI cont. In addition to limiting the access of CGI scripts themselves, unless rules have been specifically declared to give a user access to CGI scripts, no user, including root will be able to access them in the first place. CGI scripts can be much more safe on an apache server with SELinux implemented 12/1/2018 Corey McClurg SELinux

Conclusion When used properly, SELinux can make a system much more secure A user is confined to being able to do only what has been defined in the SELinux policy for that user. There are several different routes that can be used to achieve the level of desired security using SELinux. 12/1/2018 Corey McClurg SELinux

References http://www.phptr.com/articles/article.asp?p=606586&seqNum=1&rl=1 http://www.nsa.gov/selinux/index.cfm http://www.nsa.gov/selinux/papers/policy2.pdf http://docs.fedoraproject.org/selinux-apache-fc3/sn-using-other-types.html asdasd 12/1/2018 Corey McClurg SELinux

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.