SELinux. Sven Vermeulen

Transcription

1 Sven Vermeulen

2 Who is using one of these?

3 These are Linux distributions that run with enabled by default

4 but what is?

5 but what is? PREVENTS my Something that applications from working?

6 Security Offering security services to the operating system Enhanced Extends existing security subsystems, does not substitute them! Linux Works on all Linux systems as it is part of the main Linux development.

7 White-listing Label-based Fine-grained Kernel level design

8 White-listing design Label-based Fine-grained Kernel level Everything must be modeled for. In enforcing mode, will prevent everything that does not match normalized behavior as per this model. This model is called the policy.

9 White-listing design Label-based Fine-grained <actor> performs <action> against <target> Kernel level In, both actor and target are represented by labels. Not: /opt/httpd/bin/apache binds to port 80 But:...:httpd_t binds to...:http_port_t

10 White-listing Label-based Fine-grained Kernel level design Labels can be assigned to almost anything... and there is no limit to the number of labels. governs system calls and more: 420 access vectors and counting.

11 White-listing design Label-based Fine-grained Security is enforced by the Linux kernel. Kernel level This provides low performance impact, high code visibility and kernellevel permissions.

12 Policy-driven access control Type Enforcement Role-based access control User-based access control Labeled networking Multi-level security features

13 Policy-driven access control features Type Enforcement Role-based access control User-based access control Labeled networking Multi-level security Segregation between rules (policy) and enforcement, allowing for a single, redeployable definition of the normalized behavior. Also: everything is configurable!

14 Who is aware of what virtual patching means?

15 Policy-driven access control features Type Enforcement Role-based access control User-based access control Labeled networking Majority of policy rules are type enforcement, such as: allow httpd_t to bind to the http_port_t tcp socket Multi-level security types

16 Policy-driven access control Type Enforcement Role-based access control User-based access control Labeled networking Multi-level security features Support (user) role definitions, such as database administrator role, and only allow that role the privileges it needs In, this is handled by granting types to the role.

17 Policy-driven access control Type Enforcement Role-based access control User-based access control Labeled networking Multi-level security features Provide segregation of file and resource access based on the user. For instance, joe and john can write to /tmp and these files would have the same type (such as user_tmp_t) but user access restricts sharing, even if joe would chmod 666 the file.

18 Policy-driven access control features Type Enforcement Role-based access control User-based access control Through Labeled IPSec or NetLabel/CIPSO support, policy influence can extend Labeled networking beyond a single host as Multi-level security labels are passed on on the network layer.

19 Policy-driven access control Type Enforcement Role-based access control User-based access control Labeled networking Multi-level security features Support sensitivity levels so that specific information ( confidential ) cannot be handled by either lower level processes or those not having the right category assigned. can be used to implement the Bell-LaPadula model (no read up, no write down).

20 More info needed? Your distribution has lots of specific documentation Fedora: RedHat: rity-enhanced_linux/ Gentoo: Distribution-agnostic Books & other material System Administration (Packt Publishing)

21 Any questions?