SELinux

1 SELinux
http://www.nsa.gov/research/selinux/index.shtml
http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/

2 Outline (cs490ns - cotter)
What is the problem?
What is SELinux?
What is it trying to do?
How does it work?

3 The Problem:
Virus / security attacks – up
System complexity – up
Network connectivity – up
Code sophistication – up
–More active content
–More mobile code

4 The Problem:
Patch cycle
–Attackers find a vulnerability and develop an exploit
–Users / testers discover an exploit and develop a patch to negate the exploit
–Protecting the systems in the period between when the exploit is developed and when the patch is distributed is called the 0-Day problem

5 The Issue:
The Problem:
–How do you defend against an exploit that hasn’t been developed?
A Possible Solution:
–Control access to resources to limit exposure – and thus the chances for an exploit
–Also manage access controls such that, if an exploit is successful, there is a strict limit on the resources available to the exploit

6 Access Control
Linux (and most other OSs) implement discretionary access control over resources
–Users have the discretion to allow or deny access to resources that they control
If a process is compromised, it operates with the access controls given to that process (those of the user/owner).
Higher level security implements access control in the system (mandatory access control).
–Access to resources is managed by a security policy, not user decisions.

7 SELinux History
Mandatory access controls (MAC) used in high security systems (military) for years.
NSA began work on embedding MAC into existing operating systems
–1991-1992 – Mach OS
–1993-1995 – Distributed Trusted OS
–1998-1999 – Flux Advanced Security Kernel (FLASK)
–2000-? – Security Enhanced Linux

8 SELinux Terminology
Identity
–Similar to, but separate from user ID. They are separate items.
–su command changes user ID, but not identity (??)
Domain
–A list of what actions a process can perform
–Examples: sysadm_t, user_t, named_t
Type
–A list of actions that can be performed on an object (file, directory, etc.). Similar to domain
Role
–Defines what domains a user is allowed to access
–Examples: user_r, staff_r

9 Security Context
A combination of user, role and type
–Who is the user?
–What is their role?
–What can they do?
Example
[rcotter@kc-sce-450p2 ~]$ ls -l ssh.ps
-rw-r----- 1 rcotter rcotter 67014 Feb 10 14:16 ssh.ps
[rcotter@kc-sce-450p2 ~]$ ls -Z ssh.ps
-rw-r----- rcotter rcotter user_u:object_r:user_home_t ssh.ps
[rcotter@kc-sce-450p2 ~]$

10 Security Model
Security Context analysis:
–Similar to sentence diagramming

John      Hit             Baseball
Subject   Verb (action)   Object
user_u    object_r        user_home_t
User      Role            Type (domain)

11 Updates in Fedora
4th element of context – level
–Multi-level security / multi-category security
–Allows the identification of multiple levels of security
Original design was to allow multiple levels and multiple categories. In most systems, only multiple categories are supported. Level S0 is used by default.
–Allow the use of multiple categories.
Text file (/etc/selinux/targeted/setrans.conf) used to provide a human readable form for contexts. Example file:
–S0:c0=CompanyConfidential
–S0:c1=PatientRecord
–S0:c2 unclassified
–Etc.
–Designed to secure information in levels (no read up or write down): Bell-LaPadula security model.

12 Security Context in Fedora10
[rcotter@fedora10-sce-bobc Pictures]$ ls -Z
-rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0 selinux_boolean.jpeg
-rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0 selinux_boolean.png
-rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0 selinux_file_label.jpeg
-rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0 selinux_status.jpeg
-rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0 selinux_translation.jpeg
-rw-rw-r-- rcotter rcotter unconfined_u:object_r:user_home_t:s0 selinux_user.jpeg
[rcotter@fedora10-sce-bobc Pictures]$

13 SELinux Security Models
Type Enforcement (TE)
–Confine processes (subjects) to domains by using security contexts.
Role-based Access Control (RBAC)
–Recognizes that users often need to move from 1 domain to another. RBAC rules explicitly allow roles to move from one domain to another
Multi-Level Security
–Enforce Bell-LaPadula security model.
–Users allowed to read at one level cannot read at higher levels. Also users allowed to write at 1 level are not allowed to write at a lower level. (Ensures that secure information does not propagate to lower levels.)
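
The Bell-LaPadula rules from the Multi-Level Security slides (no read up, no write down), applied to the 4th element of a security context, as an added Python example that is not part of the original presentation. It assumes each context carries a single level rather than a low-high range; the staff_u subject context is constructed, and real SELinux MLS policies add further constraints beyond these two rules.

```python
import re

# Object context taken from the Fedora 10 listing; subject context is constructed.
OBJECT_CTX = "unconfined_u:object_r:user_home_t:s0"
SUBJECT_CTX = "staff_u:staff_r:staff_t:s1:c0,c1"


def parse_level(level):
    """Parse an MLS level such as 's0', 's1:c0,c2' or 's2:c0.c3'.

    Returns (sensitivity, categories); a range like 'c0.c3' expands to c0..c3.
    """
    sens, _, cats = level.partition(":")
    match = re.fullmatch(r"[sS](\d+)", sens)
    if not match:
        raise ValueError(f"bad sensitivity: {sens!r}")
    categories = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        categories.update(range(lo_n, hi_n + 1))
    return int(match.group(1)), frozenset(categories)


def level_of(context):
    """Extract the level from a user:role:type:level context string."""
    fields = context.split(":", 3)
    if len(fields) != 4:
        raise ValueError(f"context has no level field: {context!r}")
    return parse_level(fields[3])


def dominates(a, b):
    """True if a is at least as sensitive as b and holds all of b's categories."""
    return a[0] >= b[0] and a[1] >= b[1]


def may_read(subject_ctx, object_ctx):
    # No read up: the subject's level must dominate the object's level.
    return dominates(level_of(subject_ctx), level_of(object_ctx))


def may_write(subject_ctx, object_ctx):
    # No write down: the object's level must dominate the subject's level.
    return dominates(level_of(object_ctx), level_of(subject_ctx))
```

Two levels with disjoint categories at the same sensitivity are incomparable, so neither read nor write is permitted between them.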

14 TE Security Model
Each process is associated with a domain
–A “sandbox” to limit or control its interactions
Each domain is associated with a security context
–A combination of a resource and the actions allowed on that resource (read a file, execute a program, etc.)
Each resource (file, etc.) has a security context.
–Processes can only act on resources if the security contexts specifically grant access.

15 SELinux Policy
Security Context determined by system policy file
–Policy is a compiled file, based on a text file that you define (or a default file that you use). This defines all of the various file and user contexts that you want to be active in your system
–Compiled policy stored in /etc/selinux/targeted/policy
–Based on contexts in /etc/selinux/targeted/contexts

16 file_contexts.homedirs
Default file context for regular user’s home directory
/home/[^/]* -d user_u:object_r:user_home_dir_t
/home/[^/]*/.+ user_u:object_r:user_home_t
/home/[^/]*/((www)|(web)|(public_html))(/.+)? user_u:object_r:httpd_user_content_t
/home/[^/]*/.*/plugins/libflashplayer\.so.* -- user_u:object_r:textrel_shlib_t
(Also contains default context for root user)
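
How the entries above map a path to its default context, as an added Python example that is not part of the original presentation or of libselinux. It uses a simplified matching model (an assumption): each regex must match the whole path, the optional flag restricts the file type, and the last matching entry wins.

```python
import re

# Entries from the slide's file_contexts.homedirs listing
# (last type spelled textrel_shlib_t, as in the reference policy).
# Format: <path regex> [<file type flag>] <security context>
HOMEDIR_SPECS = r"""
/home/[^/]* -d user_u:object_r:user_home_dir_t
/home/[^/]*/.+ user_u:object_r:user_home_t
/home/[^/]*/((www)|(web)|(public_html))(/.+)? user_u:object_r:httpd_user_content_t
/home/[^/]*/.*/plugins/libflashplayer\.so.* -- user_u:object_r:textrel_shlib_t
"""

# File type flags seen on the slide: -d = directory, -- = regular file.
FLAG_TO_KIND = {"-d": "dir", "--": "file"}


def parse_specs(text):
    """Return a list of (compiled_regex, kind_or_None, context) tuples."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) == 3:
            pattern, flag, context = fields
            kind = FLAG_TO_KIND[flag]
        else:
            pattern, context = fields
            kind = None  # no flag: entry applies to any file type
        specs.append((re.compile(pattern), kind, context))
    return specs


def default_context(path, kind, specs):
    """Context the entries assign to `path`; kind is 'dir' or 'file'.

    Simplified model (assumption of this example): whole-path match,
    and when several entries match, the last one listed wins.
    Returns None when no entry covers the path.
    """
    chosen = None
    for regex, spec_kind, context in specs:
        if spec_kind not in (None, kind):
            continue
        if regex.fullmatch(path):
            chosen = context
    return chosen
```

Under this model /home/rcotter/ssh.ps resolves to user_u:object_r:user_home_t, the same label the earlier ls -Z output shows, while anything under public_html picks up httpd_user_content_t because that entry is listed later.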

17 SELinux Usage
Enable / Disable SELinux
–selinuxenabled
Set enforcement policy permissive / disabled
–setenforce / getenforce
Set Policy type
–Targeted (only monitor specific services and files)
–Strict (monitor everything)
–Defined in /etc/selinux/config
If targeted, select policies for each service

18 SELinux Commands
Global Commands
–selinuxenabled
–getenforce
–setenforce
–sestatus
–fixfiles
SELinux Files
–/etc/selinux/config
–/selinux/booleans

19 SELinux Commands
Security Context Control (file contexts)
–checkpolicy
–load_policy
–setfiles
–restorecon
–chcon
Targeted policy overrides
–getsebool
–setsebool
–togglesebool

20 SELinux Commands
Policy Control
–checkpolicy (check and create a new policy)
–load_policy
–setfiles
–restorecon
–chcon
–semanage

21 SELinux Commands
Process related context information (in man)
–ftpd_selinux
–named_selinux
–rsync_selinux
–httpd_selinux
–nfs_selinux
–samba_selinux
–kerberos_selinux
–nis_selinux
–ypbind_selinux

22 Setting Security Level – Fedora 14 / CentOS

23 SELinux tool – F14/CentOS

24 SELinux Troubleshooter (old)

25 SELinux Alert Tool – F14/CentOS

26 SELinux Alert Tool – Details

27 SELinux Alert Tool – Fix

28 SELinux Policy Gen Tool

29 MAC in Ubuntu
SELinux is available, but not installed by default
Default approach uses AppArmor
–Focus is not at system level (as in SELinux), but at the application level.
–Theory is that most of the security issues arise at the application level.
–It is easier to protect (and constrain) an application with AppArmor, as long as you don’t have a lot of applications to protect.

30 SELinux Status
SELinux is still very complex.
–There are many commands and tools available to manage file and process contexts, and the overall system policy.
–Default policies and contexts provide a significant level of protection, but adjusting the default policy for individual requirements is still a challenge.
–SELinux troubleshooter offers some help in addressing SELinux issues.


32 Summary
SELinux provides a new layer of protection for Linux.
Provides fine grained mandatory access controls that work in addition to existing discretionary access controls (mode bits)
Policy file configuration complex (and not yet well documented)
Default policy file provides secure operating environment
–If anything, it is likely to be more restrictive than a user might wish.

