SELinux Overview DAC vs MAC Discretionary Access Control Mandatory


SELinux Overview: DAC vs MAC (Discretionary Access Control vs Mandatory Access Control)
Steve Musacchia smxsteve@yahoo.com

SELinux Books

SELinux History
Not going to talk much about the history. “Look it up.” Except to say that since the 1970s various forms of computer security have been developed, one of which is “type” enforcement. Early systems were the “LOCK” system and later the “FLASK” OS. The NSA was involved and wanted the technology of FLASK to be available in a mainstream OS, and so SELinux was born, with the first patches going into the 2.2.x kernel.

SELinux's main concept
To access objects, the subject's type must be authorized for the object's type, regardless of the identity of the subject. OK!

SELinux Concepts: Objects and Subjects
Objects
 * Files
 * Sockets
 * Interprocess Communications
 * Network Hosts
 * ...
Subjects
 * Processes

SELinux Concepts: Security Contexts
 * Everything (subjects and objects) has a single scontext associated with it.
 * scontexts have 3 elements: user : role : type

SELinux Concepts: Security Contexts
 * Of user : role : type, the type identifier is the primary part that is used to determine access. Very important.
 * A subject's (process's) type is called a “domain”. I quote from the book...
“For historical reasons, the type of a process is called a domain. The use of “domain” and “domain type” to mean the type of a process is so common and pervasive that we do not attempt to avoid using the term domain. In general, consider domain, domain type, subject type, and process type to be synonymous.”

SELinux Concepts: Security Contexts
What do they look like in real life?
Path Name            Security Context
---------------------------------------------------------
/bin                 system_u : object_r : bin_t
/usr                 system_u : object_r : usr_t
/bin/passwd          system_u : object_r : passwd_exec_t
/root/.bash_history  root : object_r : user_home_t
/var/www             system_u : object_r : httpd_sys_content_t
/var/lib             system_u : object_r : var_lib_t
Notice that they all have a suffix of either _u, _r or _t.
Notice that system_u and object_r get repeated a lot.

SELinux Concepts: Security Contexts
An actual directory listing of / on Fedora 7:
drwxr-xr-x root root system_u:object_r:bin_t bin
drwxr-xr-x root root system_u:object_r:boot_t boot
drwxr-xr-x root root system_u:object_r:device_t dev
drwxr-xr-x root root system_u:object_r:etc_t etc
drwxr-xr-x root root system_u:object_r:home_root_t home
drwxr-xr-x root root system_u:object_r:lib_t lib
drwx------ root root system_u:object_r:lost_found_t lost+found
drwxr-xr-x root root system_u:object_r:mnt_t media
drwxr-xr-x root root system_u:object_r:autofs_t misc
drwxr-xr-x root root system_u:object_r:mnt_t mnt
drwxr-xr-x root root system_u:object_r:autofs_t net
drwxr-xr-x root root system_u:object_r:usr_t opt
dr-xr-xr-x root root system_u:object_r:proc_t proc
drwxrwxrwx root root system_u:object_r:tmp_t public
drwxr-x--- root root root:object_r:user_home_dir_t root
drwxr-xr-x root root system_u:object_r:bin_t sbin
drwxr-xr-x root root system_u:object_r:security_t selinux
drwxr-xr-x root root system_u:object_r:var_t srv
drwxr-xr-x root root system_u:object_r:sysfs_t sys
drwxrwxrwt root root system_u:object_r:tmp_t tmp
drwxr-xr-x root root system_u:object_r:usr_t usr
drwxr-xr-x root root system_u:object_r:var_t var

SELinux Concepts: Security Contexts
Some commands were modified to support SELinux with a new option, -Z, which displays security contexts.

SELinux Concepts: Security Contexts
Commands modified to support SELinux:
 ls -Z
 id -Z
 ps -Z
 even cp -Z
 Others ...
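As an added example (not from the slides), here is a small parser for the context strings and `ls -Z` lines shown above. `SAMPLE_LS_Z` is a constructed excerpt of the slide's Fedora 7 listing of /. The optional fourth MLS/MCS level field (e.g. `s0`) is accepted as well, which goes beyond the three-element description on the slide, and the helper names are this example's own.

```python
"""Parse SELinux security contexts and `ls -Z` style listings (added example)."""
from collections import Counter, namedtuple

SecurityContext = namedtuple("SecurityContext", "user role type level")
LsEntry = namedtuple("LsEntry", "mode owner group context name")

# Constructed sample: an excerpt of the slide's Fedora 7 `ls -Z /` listing.
SAMPLE_LS_Z = """\
drwxr-xr-x root root system_u:object_r:bin_t bin
drwxr-xr-x root root system_u:object_r:etc_t etc
drwxr-xr-x root root system_u:object_r:home_root_t home
drwxrwxrwx root root system_u:object_r:tmp_t public
drwxr-x--- root root root:object_r:user_home_dir_t root
drwxrwxrwt root root system_u:object_r:tmp_t tmp
drwxr-xr-x root root system_u:object_r:usr_t usr
"""


def parse_context(text):
    """Split 'user:role:type[:level]' into its fields.

    The slide describes three fields. Policies that carry an MLS/MCS label add a
    fourth field (e.g. 's0' or 's0:c0.c1023'); it is kept whole in `level`.
    """
    parts = text.split(":")
    if len(parts) < 3:
        raise ValueError(f"malformed security context: {text!r}")
    user, role, type_ = parts[:3]
    level = ":".join(parts[3:]) or None
    return SecurityContext(user, role, type_, level)


def suffix_problems(ctx):
    """Return the fields that break the _u / _r / _t naming convention.

    The SELinux user 'root' seen on /root has no _u suffix: the convention is a
    naming habit of the policy, not something the kernel enforces.
    """
    problems = []
    if not ctx.user.endswith("_u"):
        problems.append(("user", ctx.user))
    if not ctx.role.endswith("_r"):
        problems.append(("role", ctx.role))
    if not ctx.type.endswith("_t"):
        problems.append(("type", ctx.type))
    return problems


def parse_ls_z(listing):
    """Parse lines of the form 'mode owner group context name'."""
    entries = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        mode, owner, group, ctx, name = line.split(None, 4)
        entries.append(LsEntry(mode, owner, group, parse_context(ctx), name))
    return entries


def types_in_use(entries):
    """Count how often each object type is used (tmp_t appears twice in the sample)."""
    return Counter(entry.context.type for entry in entries)


def world_writable_without_sticky(entries):
    """DAC check the listing invites: world-writable directories lacking the
    sticky bit. In the sample, 'public' (drwxrwxrwx) qualifies while 'tmp'
    (drwxrwxrwt) does not. mode[8] is the 'other' write bit, mode[9] the
    'other' execute position where the sticky bit shows as 't'."""
    return [entry.name for entry in entries
            if entry.mode.startswith("d") and entry.mode[8] == "w"
            and entry.mode[9] != "t"]


if __name__ == "__main__":
    for entry in parse_ls_z(SAMPLE_LS_Z):
        print(f"{entry.name:8} type={entry.context.type:18} "
              f"suffix problems={suffix_problems(entry.context)}")
    print("world-writable without sticky bit:",
          world_writable_without_sticky(parse_ls_z(SAMPLE_LS_Z)))
```

The parser keeps the `ls -Z` columns in the order the slide prints them; on distributions that also print a level field the context column simply gains a fourth colon-separated part, which `parse_context` tolerates.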

SELinux Concepts: Security Contexts - Filesystems
Filesystems must support “extended attributes”. The security context is stored in the extended attributes capability of the filesystem.
 * Ext2/3/4 are known to work.
 * Reiser 3 – not sure – I don't think it does.
 * Reiser 4 – I believe it does.
 * XFS does work.
 * Not sure about others.

SELinux Concepts: Security Contexts - Mounts
A single scontext is applied to the mount point of a filesystem that does not support scontexts, so the whole thing has 1 scontext. There may be other ways to handle scontexts that I don't know about for mounted filesystems of various types.

SELinux Concepts: Major Policy Choices
There are 2 major policy selections in SELinux:
 * Strict Policy - Just what it says: strict and unforgiving.
 * Targeted Policy - Much easier to deal with.
By default RHEL and Fedora use the Targeted Policy. Fedora Core 2 came out with the Strict policy and most people couldn't handle it. They just had to turn it off.

SELinux Concepts: Modes of Enforcement
There are 3 modes of enforcement in SELinux:
 1. Disabled - Just turn it off.
 2. Permissive - On, but only logging the accesses it would have denied.
 3. Enforcing - Accesses blocked and logged.

SELinux Concepts: Commands of SELinux (some)
 sestatus    information about the current state
 getenforce  get the enforcement mode
 setenforce  change the enforcement mode
 chcon       change the scontext of an object
 runcon      run in a different scontext
 fixfiles    reset scontexts on files
 restorecon  similar to above (some overlap)
 setfiles    used for larger changes
 newrole     change role

SELinux Concepts: SELinux and Linux Permissions
Linux permissions...
 * are still in effect.
 * are consulted first; if standard Linux permissions would not allow access, then access is denied without even consulting SELinux.
So SELinux can allow access, but that's not enough.

SELinux Concepts: SELinux Default Access Rule
ACCESS DENIED
All access must be explicitly granted. SELinux allows no access by default, regardless of the Linux user/group ID.
--------------------------------------
There is NO default superuser
--------------------------------------

SELinux Concepts: Type enforcement access control
The way access is granted is by specifying access from a subject type to an object type using an “allow” rule. An allow rule has 4 elements:
 1. Source type - Usually the domain type of a process attempting access.
 2. Target type - The type of an object being accessed by the process.
 3. Object Class - The class of object for which the specified access is permitted.
 4. Permissions - The kind of access that the source type is allowed to the target type for the indicated object class.

SELinux Concepts: Type enforcement access control
An example allow rule:
 allow user_t bin_t : file { read execute getattr }
 Subject = user_t
 Object = bin_t
 Class = file
 Permissions = read execute getattr
Translation: A process with a domain type of user_t can read, execute, or get attributes for a file object with a type of bin_t.

SELinux Concepts: A problem to be solved
Joe needs to change his password, i.e. modify the /etc/shadow file. Normally he can do this because passwd is setuid root. But that means the passwd program can, if corrupted, modify any file on the system because it runs as root! In fact, any program run by root can potentially modify any file on the system.

SELinux Concepts: Type enforcement Example
The start of a solution would be to label the /usr/bin/passwd program with a certain type, say passwd_t, label the /etc/shadow file with shadow_t, and create an allow rule like this:
 allow passwd_t shadow_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename }
Translation: A process with a domain type of passwd_t can read, write, blah, blah, blah, ... a file object with a type of shadow_t.

SELinux Concepts: Type enforcement Example
 ls -Z /etc/shadow
 -r-------- root root system_u:object_r:shadow_t shadow
 ps -aZ
 joe:user_r:user_t 16532 pts/0 00:00:00 bash
 ls -Z /usr/bin/passwd
 -rwsr-xr-x root root system_u:object_r:passwd_exec_t passwd
 allow passwd_t shadow_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename }
That allow rule is not enough – there has to be more to it. There is!

SELinux Concepts: Domain Transitions
execve() is the only way to change a domain type.

SELinux Concepts: Domain Transitions
Super Important
 allow passwd_t passwd_exec_t : file entrypoint
This rule defines which executable may “enter” a domain. For a domain transition, the new (to-be-entered) domain must have entrypoint access. Here, passwd_t is to be entered. With this, we have a situation where only the password program can run in the passwd_t domain type. “This is powerful security control.”

SELinux Concepts: Domain Transitions
 allow user_t passwd_t : process transition;
Notice that this is the first allow rule that has “process” instead of “file” as its object class. The 3 rules together provide access for a domain transition to occur. For a domain transition to succeed, all 3 are necessary; not one alone is sufficient.

SELinux Concepts: Domain Transitions

SELinux Concepts: Domain Transitions
The following 3 things must be true for a domain transition to occur:
 1. The process' new domain type has entrypoint access to the executable file type.
 2. The process' current (or old) domain type has execute access to the entrypoint file type.
 3. The process' current domain type has transition access to the new domain type.

SELinux Concepts: Domain Transitions - Um, one more thing...
To support domain transitions occurring by default, we need one more rule:
 type_transition user_t passwd_exec_t : process passwd_t
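As an added example that is not part of the slides and not SELinux's own code, the following toy evaluator ties together the rules quoted above: the four-element allow rule, the default-deny rule with no superuser, the "Linux permissions are consulted first" ordering, the three conditions for a domain transition, and the `type_transition` default. `SAMPLE_POLICY` is constructed; it contains the allow, entrypoint, transition and type_transition rules from the slides plus one assumed rule, `allow user_t passwd_exec_t : file { getattr read execute }`, which condition 2 of the transition test requires but the slides only describe in words. The mode bits and uids in `joe_changes_password` are constructed sample data, and all function and class names are this example's own.

```python
"""Toy type-enforcement evaluator for the slides' allow / type_transition rules (added example)."""
import re
from collections import defaultdict

# Constructed policy fragment (sample data, not a real policy module). The
# `allow user_t passwd_exec_t` execute rule is assumed: the slide's condition 2
# ("current domain has execute access to the entrypoint file type") needs it.
SAMPLE_POLICY = """
allow user_t bin_t : file { read execute getattr };
allow passwd_t shadow_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename };
allow user_t passwd_exec_t : file { getattr read execute };
allow passwd_t passwd_exec_t : file entrypoint;
allow user_t passwd_t : process transition;
type_transition user_t passwd_exec_t : process passwd_t;
"""

ALLOW_RE = re.compile(r"\ballow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\{[^}]*\}|\w+)")
TT_RE = re.compile(r"\btype_transition\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\w+)")


def describe_rule(rule_text):
    """Break one allow rule into the four elements named on the slide."""
    m = ALLOW_RE.search(rule_text)
    if not m:
        raise ValueError(f"not an allow rule: {rule_text!r}")
    src, tgt, cls, perms = m.groups()
    return {"source": src, "target": tgt, "class": cls,
            "permissions": perms.strip("{} ").split()}


class Policy:
    def __init__(self, text):
        self.allow = defaultdict(set)   # (source, target, class) -> permissions
        self.transitions = {}           # (source, target, class) -> default new type
        for src, tgt, cls, perms in ALLOW_RE.findall(text):
            self.allow[(src, tgt, cls)] |= set(perms.strip("{} ").split())
        for src, tgt, cls, new in TT_RE.findall(text):
            self.transitions[(src, tgt, cls)] = new

    def allows(self, src, tgt, cls, perm):
        """Default access rule: denied unless some allow rule grants exactly this."""
        return perm in self.allow.get((src, tgt, cls), set())

    def domain_transition_ok(self, old_domain, exec_type, new_domain):
        """The three conditions from the 'Domain Transitions' slide; all must hold."""
        return (self.allows(new_domain, exec_type, "file", "entrypoint")
                and self.allows(old_domain, exec_type, "file", "execute")
                and self.allows(old_domain, new_domain, "process", "transition"))

    def default_domain_after_exec(self, old_domain, exec_type):
        """type_transition names the default new domain; the process stays in the
        old domain when no such rule exists or the three-rule test fails."""
        new = self.transitions.get((old_domain, exec_type, "process"))
        if new is None or not self.domain_transition_ok(old_domain, exec_type, new):
            return old_domain
        return new


# SELinux file permissions that correspond to a Unix mode bit.
DAC_BIT = {"read": 4, "write": 2, "append": 2, "execute": 1}


def dac_allows(mode, file_uid, file_gid, uid, gid, perm):
    """Simplified Unix DAC. Permissions with no mode bit (getattr, ioctl, ...) pass.
    uid 0 bypasses read/write checks; execute still needs an x bit somewhere."""
    bit = DAC_BIT.get(perm)
    if bit is None:
        return True
    if uid == 0:
        return perm != "execute" or (mode & 0o111) != 0
    shift = 6 if uid == file_uid else 3 if gid == file_gid else 0
    return bool((mode >> shift) & bit)


def access_allowed(policy, mode, file_uid, file_gid, uid, gid, domain, file_type, perm):
    """Linux permissions are consulted first; SELinux is asked only if they pass."""
    if not dac_allows(mode, file_uid, file_gid, uid, gid, perm):
        return False
    return policy.allows(domain, file_type, "file", perm)


def joe_changes_password(policy):
    """Walk the slides' scenario: joe (uid 1000, domain user_t) runs the setuid-root
    /usr/bin/passwd (constructed mode 4755, type passwd_exec_t), then the new process
    writes /etc/shadow (constructed mode 0400, owned by root, type shadow_t)."""
    JOE, ROOT = 1000, 0
    can_exec = access_allowed(policy, 0o4755, ROOT, ROOT, JOE, JOE,
                              "user_t", "passwd_exec_t", "execute")
    new_domain = policy.default_domain_after_exec("user_t", "passwd_exec_t")
    # after execve() of a setuid-root binary the process runs with uid 0
    writes_shadow = access_allowed(policy, 0o400, ROOT, ROOT, ROOT, ROOT,
                                   new_domain, "shadow_t", "write")
    # the same write from a root process that stayed in user_t: no default superuser
    root_in_user_t = access_allowed(policy, 0o400, ROOT, ROOT, ROOT, ROOT,
                                    "user_t", "shadow_t", "write")
    return {"can_exec_passwd": can_exec, "new_domain": new_domain,
            "passwd_t_writes_shadow": writes_shadow,
            "root_in_user_t_writes_shadow": root_in_user_t}


if __name__ == "__main__":
    print(describe_rule("allow user_t bin_t : file { read execute getattr }"))
    print(joe_changes_password(Policy(SAMPLE_POLICY)))
```

Dropping the `type_transition` line from the policy leaves every allow rule in place, yet `default_domain_after_exec` then returns `user_t`: the execve() still succeeds, but the process keeps its old domain and the later write to `shadow_t` is denied, which is exactly why the slide calls that rule the "one more thing".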