MESSAGE
DATE | 2015-05-04 |
FROM | Ruben Safir
|
SUBJECT | [LIU Comp Sci] ACL and beyond security in linux
|
From owner-learn-outgoing-at-mrbrklyn.com Mon May 4 23:36:55 2015
Return-Path:
X-Original-To: archive-at-mrbrklyn.com
Delivered-To: archive-at-mrbrklyn.com
Received: by mrbrklyn.com (Postfix) id 912A81612F0; Mon, 4 May 2015 23:36:55 -0400 (EDT)
Delivered-To: learn-outgoing-at-mrbrklyn.com
Received: by mrbrklyn.com (Postfix, from userid 28) id 7C3421612F2; Mon, 4 May 2015 23:36:55 -0400 (EDT)
Delivered-To: learn-at-nylxs.com
Received: from mailbackend.panix.com (mailbackend.panix.com [166.84.1.89]) by mrbrklyn.com (Postfix) with ESMTP id D655C1612F0 for ; Mon, 4 May 2015 23:36:31 -0400 (EDT)
Received: from panix2.panix.com (panix2.panix.com [166.84.1.2]) by mailbackend.panix.com (Postfix) with ESMTP id 3ED1612C2F; Mon, 4 May 2015 23:36:31 -0400 (EDT)
Received: by panix2.panix.com (Postfix, from userid 20529) id 224C133C37; Mon, 4 May 2015 23:36:31 -0400 (EDT)
Date: Mon, 4 May 2015 23:36:31 -0400
From: Ruben Safir
To: Mohammed Ghriga
Cc: learn-at-nylxs.com
Subject: [LIU Comp Sci] ACL and beyound security in linux
Message-ID: <20150505033630.GA15006-at-panix.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: owner-learn-at-mrbrklyn.com
Precedence: bulk
Reply-To: learn-at-mrbrklyn.com

Real security comes from far more than just control of specific resources. I'm just saying that.
Now, with regards to tonight's class on File Systems, there is a more advanced set of tools:
http://selinuxproject.org/page/Main_Page
SELinux Project Wiki
This is the official Security Enhanced Linux (SELinux) project page. Here you will find resources for users, administrators, vendors and developers.
For an account, send email to jmorris AT namei.org.

What is SELinux
SELinux is a security enhancement to Linux which allows users and administrators more control over access control.
Access can be constrained on such variables as which users and applications can access which resources. These resources may take the form of files. Standard Linux access controls, such as file modes (-rwxr-xr-x) are modifiable by the user and the applications which the user runs. Conversely, SELinux access controls are determined by a policy loaded on the system which may not be changed by careless users or misbehaving applications.
SELinux also adds finer granularity to access controls. Instead of only being able to specify who can read, write or execute a file, for example, SELinux lets you specify who can unlink, append only, move a file and so on. SELinux allows you to specify access to many resources other than files as well, such as network resources and interprocess communication (IPC).
For more information about SELinux see the FAQ and other resources listed here.
FAQ Contents
1 What is SELinux really?
2 How does SELinux work?
3 Do I have to write policies to use SELinux?
4 Where do I get these policies?
5 Who writes these policies?
6 Is SELinux a firewall?
7 Is it useful for a desktop?
8 Is SELinux enabled on my system?
9 Why should I use SELinux?
10 How do I disable SELinux?

What is SELinux really?
SELinux is an implementation of mandatory access controls (MAC) on Linux. Mandatory access controls allow an administrator of a system to define how applications and users can access different resources such as files, devices, networks and inter-process communication.
With SELinux an administrator can differentiate a user from the applications a user runs. For example, the user shell or GUI may have access to do anything he wants with his home directory but if he runs a mail client the client may not be able to access different parts of the home directory, such as his ssh keys.
The way that an administrator sets these permissions is with the centralized SELinux policy. The policy tells the system how different components on the system can interact and use resources. The policy typically comes from your distribution but it can be updated on the end system to reflect different configurations or application behavior.

How does SELinux work?
Though it uses multiple security models to do its job, the type enforcement model is most important to SELinux. A type is a way of classifying an application or resource. Type enforcement is the enforcement of access control on that type. All files, processes, network resources, etc. on an SELinux system have a label, and one of the components of that label is the "type". For example the files in your home directory are probably labeled user_home_t. user_home_t is the type and in this case it means that the policy should treat all those files as your home directory files.
Running applications also have labels. For example, your web browser may be running as firefox_t. Type enforcement simply allows you to specify what application label can access what resource label. In the most simple terms SELinux lets you allow an application to do something with a resource:
allow firefox_t user_home_t : file { read write };
This simply allows your web browser, running as firefox_t, to read and write files in your home directory, labeled as user_home_t.

Do I have to write policies to use SELinux?
In general, no. Distributions such as Fedora and Red Hat Enterprise Linux come with many policies which allow applications to do everything necessary in their default configurations. If you are a power user who customizes how applications and services work on your system then you may need to update the policy to reflect that. More times than not a simple file relabel can enable your custom configuration to work with SELinux.

Where do I get these policies?
When SELinux comes with a distribution it will have policies included to lock down various applications. The number of applications locked down and how strict the policies are depends on how your distribution has configured the policy. All policies included in distributions today, however, are based off of the Reference Policy and therefore a user can add additional policies from the Reference Policy or can reconfigure the strictness of the policies. The reference policy is available at its project page.

Who writes these policies?
The policies in the Reference Policy are written by distributions based on user feedback of application behaviors and security professionals. Tresys Technology actively maintains the Reference Policy upstream by reviewing and integrating the changes sent to the project mail list.

Is SELinux a firewall?
Though often confused with one, SELinux is not a firewall. A firewall controls the flow of traffic to and from a computer to the network. SELinux can confine access of programs within a computer and hence can be conceptually thought of as an internal firewall between programs. Security works best when multiple layers are used and SELinux is complementary to a firewall and other security features.

Is it useful for a desktop?
Absolutely. Though most distributions targeted services such as Apache when they initially integrated SELinux there are many desktop services confined and confining desktop applications is a great way to keep malicious content online from compromising your important data.

Is SELinux enabled on my system?
To find out if SELinux is enabled on your system you can run sestatus. If the SELinux status says enforcing you are being protected by SELinux. If it says permissive SELinux is enabled but is not protecting you, and disabled means it is completely disabled.

Why should I use SELinux?
In short because SELinux can help protect you from bugs in applications. Most people treat applications as user surrogates (e.g., "I go to google.com" not "I tell my browser to go to google.com and it does so on my behalf"). However applications, especially the desktop applications we all use, come in at millions of lines of code. Without knowing what those millions of lines of code do there is no way to know if an application will really do what you tell it or if it becomes malicious because of vulnerabilities. With SELinux you can treat the applications you run differently from yourself thereby limiting what an exploited application can do.

How do I disable SELinux?
Though we feel that most users should leave SELinux enabled, especially because it can help mitigate zero-day attacks, we understand that there are some circumstances where it may need to be disabled.
If you feel like SELinux is stopping an application from working it is best to put it in permissive mode and test the application. If the application runs correctly in permissive mode but not enforcing you may need to add some rules to the policy, or relabel some files. Check the users and administrators section for details on doing this.
To put an SELinux system into permissive mode temporarily you can run setenforce as root:
# setenforce 0
If you are having issues booting up and would like to boot your system with SELinux in permissive mode you can edit the /etc/selinux/config file and change the SELINUX variable to permissive (this will not set the current running mode of SELinux).
To disable SELinux altogether you can change the SELINUX variable in /etc/selinux/config to DISABLED and reboot.
This page was last modified 13:56, 16 October 2009.
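
Added example, not part of the original message or of the SELinux wiki text it quotes: a simplified Python model of the type-enforcement check described under "How does SELinux work?", parsing allow rules in the form quoted above and denying any access that no rule grants. The types mailclient_t, user_t and ssh_home_t and their rules are illustrative assumptions, and real policy also involves users, roles, attributes and other rule kinds that this sketch ignores.

```python
import re
# Simplest form of a type-enforcement rule, as quoted in the FAQ:
#   allow <source_type> <target_type> : <class> { perm ... };
RULE_RE = re.compile(
    r"^allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)(?:\s*\{([^}]*)\}|\s+(\w+))\s*;$"
)

def parse_policy(text):
    """Return {(source_type, target_type, class): set_of_perms}."""
    rules = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a simple allow rule: {raw!r}")
        src, tgt, cls, braced, single = m.groups()
        perms = set(braced.split()) if braced is not None else {single}
        if not perms:
            raise ValueError(f"line {lineno}: empty permission set")
        rules.setdefault((src, tgt, cls), set()).update(perms)
    return rules

def is_allowed(rules, src, tgt, cls, perm):
    """Default deny: access is granted only if an allow rule names it."""
    return perm in rules.get((src, tgt, cls), set())

# Constructed sample policy. Only the firefox_t rule comes from the FAQ;
# mailclient_t, user_t and ssh_home_t are illustrative assumptions.
SAMPLE_POLICY = """
allow firefox_t user_home_t : file { read write };   # rule quoted in the FAQ
allow mailclient_t user_home_t : file { read append };
allow user_t ssh_home_t : file read;                 # single-permission form
"""

def demo():
    rules = parse_policy(SAMPLE_POLICY)
    checks = [
        ("firefox_t", "user_home_t", "file", "write"),    # granted by rule 1
        ("firefox_t", "user_home_t", "file", "unlink"),   # no rule: denied
        ("mailclient_t", "ssh_home_t", "file", "read"),   # no rule: denied
        ("user_t", "ssh_home_t", "file", "read"),         # granted by rule 3
    ]
    return [(c, is_allowed(rules, *c)) for c in checks]

if __name__ == "__main__":
    for (src, tgt, cls, perm), ok in demo():
        print(f"{src} -> {tgt}:{cls} {perm}: {'allowed' if ok else 'denied'}")
```

The denied cases fall out of the missing rules, not of any explicit "deny" line: the browser can write home files but not unlink them, and the mail client cannot read files labeled as SSH keys.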