SELinux http://www.nsa.gov/research/selinux/index.shtml http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/


1 SELinux http://www.nsa.gov/research/selinux/index.shtml

2 Outline
What is the problem?
What is SELinux?
What is it trying to do?
How does it work?

3 The Problem:
Virus / security attacks – up
System complexity – up
Network connectivity – up
Code sophistication – up
  More active content
  More mobile code

4 The Problem:
Patch cycle
  Attackers find a vulnerability and develop an exploit
  Users / testers discover an exploit and develop a patch to negate the exploit
Protecting the systems in the period between when the exploit is developed and when the patch is distributed is called the 0-Day problem

5 The Problem:
The Issue:
  How do you defend against an exploit that hasn’t been developed?
A Possible Solution:
  Control access to resources to limit exposure – and thus the chances for an exploit
  Also manage access controls such that, if an exploit is successful, there is a strict limit on the resources available to the exploit

6 Access Control
Linux (and most other OSs) implement discretionary access control over resources
  Users have the discretion to allow or deny access to resources that they control
  If a process is compromised, it operates with the access controls given to that process (those of the user/owner).
Higher level security implements access control in the system (mandatory access control).
  Access to resources is managed by a security policy, not user decisions.

7 SELinux History
Mandatory access controls (MAC) used in high security systems (military) for years.
NSA began work on embedding MAC into existing operating systems
  – Mach OS
  – Distributed Trusted OS
  – Flux Advanced Security Kernel (FLASK) ?
  – Security Enhanced Linux

8 SELinux Terminology
Identity
  Similar to, but separate from user ID. They are separate items.
  su command changes user ID, but not identity (??)
Domain
  A list of what actions a process can perform
  Examples: sysadm_t, user_t, named_t
Type
  A list of actions that can be performed on an object (file, directory, etc.). Similar to domain
Role
  Defines what domains a user is allowed to access
  Examples: user_r, staff_r

9 Security Context
A combination of user, role and type
  Who is the user?
  What is their role?
  What can they do?
Example
  ~]$ ls -l ssh.ps
  -rw-r rcotter rcotter Feb 10 14:16 ssh.ps
  ~]$ ls -Z ssh.ps
  -rw-r rcotter rcotter user_u:object_r:user_home_t ssh.ps
  ~]$

10 Security Model
12/9/2018
Security Context analysis: similar to sentence diagramming
  John       Hit             Baseball
  Subject    Verb (action)   Object
  user_u     object_r        user_home_t
  User       Role            Type (domain)
cs490ns - cotter

11 Updates in Fedora
4th element of context – level
  Multi-level security / multi-category security
  Allows the identification of multiple levels of security
  Original design was to allow multiple levels and multiple categories. In most systems, only multiple categories are supported.
  Level S0 is used by default.
Allow the use of multiple categories.
  Text file (/etc/selinux/targeted/setrans.conf) used to provide a human readable form for contexts.
  Example file:
    S0:c0=CompanyConfidential
    S0:c1=PatientRecord
    S0:c2 unclassified
    Etc.
Designed to secure information in levels (no read up or write down): the Bell-LaPadula security model.

12 Security Context in Fedora10
  Pictures]$ ls -Z
  -rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0 selinux_boolean.jpeg
  -rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0 selinux_boolean.png
  -rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0 selinux_file_label.jpeg
  -rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0 selinux_status.jpeg
  -rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0 selinux_translation.jpeg
  -rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0 selinux_user.jpeg
  Pictures]$
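
Added example (not part of the original slides): Python code that pulls the security context out of ls -Z lines like the ones on slides 9 and 12 and splits it into user, role, type and the optional level, which may itself contain colons once categories are used. The function names, the third sample line and the lowercase translation table are constructed for illustration.

```python
import re
from collections import namedtuple

Context = namedtuple("Context", "user role type level")

# Lines 1-2 are copied from the slides; line 3 is constructed to show a category.
SAMPLE = """\
-rw-r rcotter rcotter user_u:object_r:user_home_t ssh.ps
-rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0 selinux_user.jpeg
-rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0:c1 record.txt
"""
# Constructed translation table in the spirit of the slide's example file.
SETRANS = {"s0:c0": "CompanyConfidential", "s0:c1": "PatientRecord"}

CONTEXT_RE = re.compile(r"^\w+:\w+:\w+(:\S+)?$")

def parse_context(text):
    """Split user:role:type[:level]; the level may itself contain ':'."""
    parts = text.split(":", 3)        # at most 4 fields, the rest stays in level
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError("not a security context: %r" % text)
    return Context(parts[0], parts[1], parts[2],
                   parts[3] if len(parts) == 4 else None)

def contexts_from_ls_z(output):
    """Map file name -> Context for every `ls -Z` line that carries a context."""
    found = {}
    for line in output.splitlines():
        fields = line.split()
        for i, field in enumerate(fields[:-1]):
            if CONTEXT_RE.match(field):
                found[" ".join(fields[i + 1:])] = parse_context(field)
                break
    return found

def readable(ctx, table):
    """Render a context with its level translated through the table, if listed."""
    if ctx.level is None:
        return ":".join(ctx[:3])
    return ":".join(ctx[:3] + (table.get(ctx.level, ctx.level),))

if __name__ == "__main__":
    for name, ctx in contexts_from_ls_z(SAMPLE).items():
        print(name, ctx, readable(ctx, SETRANS))
```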

13 SELinux Security Models
Type Enforcement (TE)
  Confine processes (subjects) to domains by using security contexts.
Role-based Access Control (RBAC)
  Recognizes that users often need to move from 1 domain to another.
  RBAC rules explicitly allow roles to move from one domain to another
Multi-Level Security
  Enforce Bell-LaPadula security model.
  Users allowed to read at one level cannot read at higher levels.
  Also users allowed to write at 1 level are not allowed to write at a lower level. (Ensures that secure information does not propagate to lower levels.)
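
Added example (not from the original slides): the Bell-LaPadula rules described above, written as Python checks over SELinux-style levels such as s0:c1. It goes slightly beyond the slide by combining sensitivities with category sets; it assumes single levels rather than low-high ranges, and all function names are illustrative.

```python
def parse_level(text):
    """'s1:c0,c2.c4' -> (1, frozenset({0, 2, 3, 4})); categories are optional."""
    sens, _, cats = text.partition(":")
    if not (sens.startswith("s") and sens[1:].isdigit()):
        raise ValueError("bad sensitivity in %r" % text)
    categories = set()
    for item in filter(None, cats.split(",")):
        first, _, last = item.partition(".")      # c2.c4 means c2 through c4
        low = int(first[1:])
        high = int(last[1:]) if last else low
        categories.update(range(low, high + 1))
    return int(sens[1:]), frozenset(categories)

def dominates(a, b):
    """a dominates b: sensitivity at least as high, categories a superset."""
    (sens_a, cats_a), (sens_b, cats_b) = parse_level(a), parse_level(b)
    return sens_a >= sens_b and cats_a >= cats_b

def can_read(subject, obj):
    return dominates(subject, obj)      # no read up

def can_write(subject, obj):
    return dominates(obj, subject)      # no write down

if __name__ == "__main__":
    # Constructed levels: c0 and c1 follow the slide's translation example.
    clerk, file_ = "s0:c1", "s0:c0,c1"
    print("read:", can_read(clerk, file_), "write:", can_write(clerk, file_))
```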

14 TE Security Model
Each process is associated with a domain
  A “sandbox” to limit or control its interactions
Each domain is associated with a security context
  A combination of a resource and the actions allowed on that resource (read a file, execute a program, etc.)
Each resource (file, etc.) has a security context.
Processes can only act on resources if the security contexts specifically grant access.

15 SELinux Policy
Security Context determined by system policy file
  Policy is a compiled file, based on a text file that you define (or a default file that you use).
  This defines all of the various file and user contexts that you want to be active in your system
Compiled policy stored in /etc/selinux/targeted/policy
Based on contexts in /etc/selinux/targeted/contexts

16 file_contexts.homedirs
Default file context for regular user’s home directory
  /home/[^/]* -d user_u:object_r:user_home_dir_t
  /home/[^/]*/ user_u:object_r:user_home_t
  /home/[^/]*/((www)|(web)|(public_html))(/.+)? user_u:object_r:httpd_user_content_t
  /home/[^/]*/.*/plugins/libflashplayer\.so.* user_u:object_r:texrel_shlib_t
(Also contains default context for root user)
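
Added example (not from the original slides or from SELinux itself): how regex entries like these map a path to a default context. Assumptions: each regex must match the whole path, the last matching entry wins, and the second pattern is written as /home/[^/]*/.+ although the slide shows only /home/[^/]*/.

```python
import re

# Entries in file order: (regex, file type or None, context).
# The second regex carries ".+" as an assumption (see the lead-in).
ENTRIES = [
    (r"/home/[^/]*", "d", "user_u:object_r:user_home_dir_t"),
    (r"/home/[^/]*/.+", None, "user_u:object_r:user_home_t"),
    (r"/home/[^/]*/((www)|(web)|(public_html))(/.+)?", None,
     "user_u:object_r:httpd_user_content_t"),
    (r"/home/[^/]*/.*/plugins/libflashplayer\.so.*", None,
     "user_u:object_r:texrel_shlib_t"),
]

def default_context(path, ftype, entries=ENTRIES):
    """Return the default context for path, or None when nothing matches.

    ftype is 'd' for a directory and 'f' for a regular file. Assumed
    precedence: the last matching entry in the list wins, so the specific
    entries listed later override the general ones above them.
    """
    result = None
    for regex, wanted, context in entries:
        if wanted is not None and wanted != ftype:
            continue                    # "-d" entries apply to directories only
        if re.fullmatch(regex, path):   # the whole path must match
            result = context
    return result

if __name__ == "__main__":
    # Constructed paths under the home directory seen on the slides.
    for path, ftype in [("/home/rcotter", "d"),
                        ("/home/rcotter/Pictures/selinux_user.jpeg", "f"),
                        ("/home/rcotter/public_html/index.html", "f"),
                        ("/home/rcotter/webmail/inbox", "f")]:
        print(path, "->", default_context(path, ftype))
```

The webmail path shows why whole-path matching matters: it starts with "web" but is not the web directory, so it keeps user_home_t instead of the httpd content type.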

17 SELinux Usage
Enable / Disable SELinux
  selinuxenabled
Set enforcement policy permissive / disabled
  setenforce / getenforce
Set Policy type
  Targeted (only monitor specific services and files)
  Strict (monitor everything)
  Defined in /etc/selinux/config
If targeted, select policies for each service

18 SELinux Commands
Global Commands
  selinuxenabled
  getenforce
  setenforce
  sestatus
  fixfiles
SELinux Files
  /etc/selinux/config
  /selinux/booleans

19 SELinux Commands
Security Context Control (file contexts)
  checkpolicy
  load_policy
  setfiles
  restorecon
  chcon
Targeted policy overrides
  getsebool
  setsebool
  togglesebool

20 SELinux Commands
Policy Control
  checkpolicy (check and create a new policy)
  load_policy
  setfiles
  restorecon
  chcon
  semanage

21 SELinux Commands
Process related context information (in man)
  ftpd_selinux
  named_selinux
  rsync_selinux
  httpd_selinux
  nfs_selinux
  samba_selinux
  kerberos_selinux
  nis_selinux
  ypbind_selinux

22 Setting Security Level – Fedora 14 / CentOS

23 SELinux tool – F14/CentOS

24 SELinux Troubleshooter (old)

25 SELinux Alert Tool – F14/CentOS

26 SELinux Alert Tool – Details

27 SELinux Alert Tool – Fix

28 SELinux Policy Gen Tool

29 MAC in Ubuntu
SELinux is available, but not installed by default
Default approach uses AppArmor
  Focus is not at system level (as in SELinux), but at the application level.
  Theory is that most of the security issues arise at the application level.
  It is easier to protect (and constrain) an application with AppArmor, as long as you don’t have a lot of applications to protect.

30 SELinux Status
SELinux is still very complex.
There are many commands and tools available to manage file and process contexts, and the overall system policy.
Default policies and contexts provide a significant level of protection, but adjusting the default policy for individual requirements is still a challenge.
SELinux troubleshooter offers some help in addressing SELinux issues.


32 Summary
SELinux provides a new layer of protection for Linux.
Provides fine grained mandatory access controls that work in addition to existing discretionary access controls (mode bits)
Policy file configuration complex (and not yet well documented)
Default policy file provides secure operating environment
  If anything, it is likely to be more restrictive than a user might wish.

