Presentation is loading. Please wait.

Presentation is loading. Please wait.

SELinux: Best Practices and What's New in Red Hat Enterprise Linux 5 Name Dan Walsh Date Wednesday May 9 th 2007.

Published byNora Barton Modified over 8 years ago

Similar presentations

Presentation on theme: "SELinux: Best Practices and What's New in Red Hat Enterprise Linux 5 Name Dan Walsh Date Wednesday May 9 th 2007."— Presentation transcript:

1 SELinux: Best Practices and What's New in Red Hat Enterprise Linux 5 Name Dan Walsh Date Wednesday May 9 th 2007

2

3 All Software SUCKS! MALWARE SPYWARE VIRUS WORMS Stolen Personal Data ● Marshalls ● Fidelity ● US Government Microsoft Windows

4

5 LEAVE SELinux On EVERYWHERE! STOP credit card data from being stolen STOP SPAM mail attacks from your compromised servers. STOP worms from attaching your web sites STOP trusting your Applications to do the Right thing. SELinux is your last line of DEFENSE.

6 S.M.U.T Secure Manageable Ultra Trusted

7 Secure Red Hat Enterprise Linux 4 ● 15 Targets ● Built on Fedora Core 2/3 Experience Red Hat Enterprise Linux 5 ● 200 Targets ● Built on Fedora Core 2/3/4/5/6 RHEL4 Experience All system applications minimal privilege Entire System Space is covered by SELinux policy All processes started during boot up have defined SELinux domains User space logins are still allowed to run execute Unconfined. ● Executable Memory checks confine user space to help prevent Buffer Overflow attacks.

8 Manageable - Troubleshooting What the H**L is going on???? tail /var/log/audit/audit.log type=AVC msg=audit(1176392795.244:2036): avc: denied { getattr } for pid=6705 comm="httpd" name="index.html" dev=dm-0 ino=3180003 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file

9

10 Manageable - Troubleshooting Just make it work???? # grep httpd /var/log/audit/audit.log | audit2allow -M myhttp # semodule -i myhttpd.pp

11 Manageable - Configurable

12 Manageable - Customizable

13

14 Manageable - Bugzilla Module ====================== Policy ========================================== policy_module(bugzilla, 1.0) apache_content_template(bugzilla) allow httpd_bugzilla_script_t self:netlink_route_socket r_netlink_socket_perms; files_search_var_lib(httpd_bugzilla_script_t) optional_policy(` mysql_search_db(httpd_bugzilla_script_t) mysql_stream_connect(httpd_bugzilla_script_t) ') optional_policy(` postgresql_stream_connect(httpd_bugzilla_script_t) ') =============================== File context ========================= /usr/share/bugzilla(/.*)? -d gen_context(system_u:object_r:httpd_bugzilla_content_t,s0) /usr/share/bugzilla(/.*)? -- gen_context(system_u:object_r:httpd_bugzilla_script_exec_t,s0) /var/lib/bugzilla(/.*)? gen_context(system_u:object_r:httpd_bugzilla_script_rw_t,s0)

15 Ultra Trusted

16 Collaborative Effort

17 Ultra Trusted Standards ● Controlled Access Protection Profile - EAL4/CAPP ● Labeled Security Protection Profile - EAL4+/LSPP ● Multi Level Security (MLS) ● SELinux is the only mainstream OS in the world with MLS AND Type Enforcement. ● SELinux is being used all over Department of Defense including War Zones. ● Unlike Trusted OS's ● SELinux == Red Hat Enterprise Linux

18 S.M.U.T Secure Manageable Ultra Trusted

19 If you want to protect your data. Run it on Red Hat Enterprise Linux 5 with SELinux

20 Leave SELinux running Everywhere

Download ppt "SELinux: Best Practices and What's New in Red Hat Enterprise Linux 5 Name Dan Walsh Date Wednesday May 9 th 2007."

Similar presentations

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
Trusted Ring: A Security Enhancing Software Architecture Michael DiRossi, Inventor The Johns Hopkins University Applied Physics Laboratory.

Trusted Ring: A Security Enhancing Software Architecture Michael DiRossi, Inventor The Johns Hopkins University Applied Physics Laboratory.
Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
By: Arpit Pandey SELINUX (SECURITY-ENHANCED LINUX)

By: Arpit Pandey SELINUX (SECURITY-ENHANCED LINUX)
Computer Viruses.

Computer Viruses.
System Hardening Borrowed from the CLICS group. System Hardening How do we respond to problems? (e.g. operating system deadlock) Detect Detect (Detect.

System Hardening Borrowed from the CLICS group. System Hardening How do we respond to problems? (e.g. operating system deadlock) Detect Detect (Detect.
Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.

Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.
Shane Jahnke CS591 December 7, 2009.  What is SELinux?  Changing SELinux Policies  What is SLIDE?  Reference Policy  SLIDE  Installation and Configuration.

Shane Jahnke CS591 December 7,  What is SELinux?  Changing SELinux Policies  What is SLIDE?  Reference Policy  SLIDE  Installation and Configuration.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Security Enhanced Linux (SELinux)

Security Enhanced Linux (SELinux)
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
Computer Security & OS Lab. DKU May 26 Younsik Jeong Ph.D. Student.

Computer Security & OS Lab. DKU May 26 Younsik Jeong Ph.D. Student.
SELinux US/Fedora/13/html/Security-Enhanced_Linux/

SELinux US/Fedora/13/html/Security-Enhanced_Linux/
Information Assurance Research Group 1 NSA Security-Enhanced Linux (SELinux) Grant M. Wagner Information Assurance.

Information Assurance Research Group 1 NSA Security-Enhanced Linux (SELinux) Grant M. Wagner Information Assurance.
FOSS Security through SELinux (Security Enhanced Linux) M.B.G. Suranga De Silva Information Security Specialist TECHCERT c/o Department of Computer Science.

FOSS Security through SELinux (Security Enhanced Linux) M.B.G. Suranga De Silva Information Security Specialist TECHCERT c/o Department of Computer Science.
3-Protecting Systems Dr. John P. Abraham Professor UTPA.

3-Protecting Systems Dr. John P. Abraham Professor UTPA.
Linux Security LINUX SECURITY. Firewall Linux Security Internet Database Application Web Server Firewall.

Linux Security LINUX SECURITY. Firewall Linux Security Internet Database Application Web Server Firewall.
A Practical Guide to Fedora and Red Hat Enterprise Linux Unit 6: More Scripting in Linux Chapter 17: Configuring a LAN By Fred R. McClurg Linux Operating.

A Practical Guide to Fedora and Red Hat Enterprise Linux Unit 6: More Scripting in Linux Chapter 17: Configuring a LAN By Fred R. McClurg Linux Operating.

Similar presentations

Ads by Google