Diffstat (limited to 'html/selinux/hb-intro-enhancingsecurity.html')
-rw-r--r-- | html/selinux/hb-intro-enhancingsecurity.html | 219 |
1 files changed, 0 insertions, 219 deletions
diff --git a/html/selinux/hb-intro-enhancingsecurity.html b/html/selinux/hb-intro-enhancingsecurity.html deleted file mode 100644 index 09b8c12..0000000 --- a/html/selinux/hb-intro-enhancingsecurity.html +++ /dev/null 
@@ -1,219 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html lang="en"> -<head> -<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> -<link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css"> -<link REL="shortcut icon" HREF="favicon.ico" TYPE="image/x-icon"> -<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website"> -<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums"> -<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla"> -<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages"> -<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives"> -<title>Gentoo Linux Handbook Page --- - </title> -</head> -<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0"> -<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr> -<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr> -<td width="99%" class="content" valign="top" align="left"> -<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1. - </span>Introduction</p> -<p class="secthead"><a name="doc_chap1_sect1">A Warm Welcome</a></p> -<p> -Welcome to the Gentoo SELinux handbook. 
In this resource, we will bring you up -to speed with Gentoo Hardened's implementation of SELinux and the policies -involved. Part of this exercise is to help you understand why SELinux was -brought to life and which concept is behind the development of the SELinux -patches. We will cover the SELinux concepts, the reference policy that Gentoo -Hardened uses and elaborate on how to work with the various SELinux tools. -</p> -<p> -The purpose of this book is not to explain SELinux itself in great detail. There -are many references available on the Internet and in the better bookstores that -help you with the SELinux topic. Instead, we will focus on SELinux integration -within Gentoo Hardened. Of course, we will give a quick introduction to SELinux -to allow you to understand how it works, what it is and help you identify which -actions you will need to take in order to properly secure your system using the -SELinux tools. -</p> -<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1. - </span>Securing Linux</p> -<p class="secthead"><a name="doc_chap1_sect1">Security In General</a></p> -<p> -Security is often seen as a vague concept. What is security in general? How do -you measure security? What is the benefit and how do you make sure you do not -put too much effort in securing your system? -</p> -<p> -Well, security zealots will tell you that there is no such thing as too much -security. If properly implemented, security does not restrict functionality or -performance. It does not give you too much overhead in order to do your tasks. -But implementing security properly is a different and time-consuming task. That -is also why you often hear that security is as good as its administrator. -</p> -<p> -So, how can you look at security? A good practice on security is to define your -security goals. List what you want to achieve and why. 
By tracking the threats -that you want to minimize, you build up a security model that is appropriate for -your environment. Such threats can be very broad, such as "Ensure no-one is able -to work around our security measures". -</p> -<p> -In case of a Linux system powered with SELinux, this would at least mean that -you want to protect critical system files, such as kernel image(s) and boot -loader configuration, passwords and the SELinux policy binary itself from being -written by anyone or anything except trusted processes. -</p> -<p class="secthead"><a name="doc_chap1_sect1">Access Control</a></p> -<p> -A decent access control system (or group of systems) ensures that only -authorized individuals or processes are granted access to the resources they are -tring to work with. -</p> -<p> -Before one can implement an access control system, you first need to have proper -authentication in place. If your authentication schemes are flawed, your access -control system might not be able to differentiate legitimate users from -malicious ones. -</p> -<p> -Authenticating users within Linux is often done through PAM (<span class="emphasis">Pluggable -Authentication Modules</span>), a powerful mechanism to integrate multiple -low-level authentication schemes into a high-level interface. -</p> -<p> -Authorizing access to resources however is often done through a simple -permission scheme. Most resources are not hidden by default, although -patches and updates exist (such as those offered by Gentoo Hardened's -kernel sources with grSecurity patches which includes support for this -kind of measures). File-system wise, you can hide the existence of files -by ensuring the directory in which the file resides is not readable nor -"executable" by unauthorized accounts. -</p> -<p> -This default permission scheme has major drawbacks. 
It does not allow you to -define very flexible authorizations (it only allows permissions on three levels: -owner, group-owner and everybody else) and is limited to read/write/execute -rights (although a few additional attributes are supported nowadays as well). -</p> -<p> -Another drawback is that the permission scheme is <span class="emphasis">discretionary</span>, meaning -that users and processes are able to change the security policy in place. -</p> -<p> -For the majority of uses, this permission scheme is sufficient and has proven to -offer a decent method for managing access authorizations. But the drawbacks have -shown to be a major hole in the Linux' offering. -</p> -<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1. - </span>Mandatory Access Control</p> -<p class="secthead"><a name="doc_chap1_sect1">Enter SELinux</a></p> -<p> -If the above mentioned discretionary access control, abbreviated to <span class="emphasis">DAC</span>, -is not sufficient (and if you are keen on security, you will not find it -sufficient), you need a <span class="emphasis">Mandatory</span> Access Control, or <span class="emphasis">MAC</span> system. -</p> -<p> -When using a MAC system, activities that a process wants to perform on another -resource need to be explicitly allowed. It offers a higher granularity on -permissions as well as resources. They often support not only files, but also -sockets, ports, memory segments, queues, processes, kernel services, system -calls, devices, file systems and more. The granularity of activities supported -is also quite large. For files, this can be append, create, execute, write, -link, ioctl, get- and setattr, read, rename, lock, ... whereas for sockets this -might be append, bind, connect, create, write, sendto, accept, ... Also, when -using a MAC system, no user or process can manipulate the security policy -itself: what the security administrator has defined cannot be overturned. 
-</p> -<p> -This is where SELinux comes to play. SELinux is a Linux kernel feature which -implements, amongst other things, a MAC system for controlling and governing -access to various resources. It uses a deny-by-default permission scheme, so any -access that a process wants to perform needs to be explicitly granted. -</p> -<p> -SELinux also allows you to put a finer-grained permission model <b>on top -of</b> the traditional DAC system (which is still in use when using SELinux -- in other words, if the traditional system does not allow certain activities, -it will not be allowed even if there are SELinux policies granting the -permission). -</p> -<p class="secthead"><a name="doc_chap1_sect1">What is SELinux</a></p> -<p> -To support this finer-grained permission model, you would think that changes -are needed to the Linux kernel. Yet thanks to the Linux kernel <span class="emphasis">LSM</span> -interface (<span class="emphasis">Linux Security Modules</span>), support for SELinux was easily added -and since the 2.6 kernel series, SELinux has been integrated in the mainstream -kernel release. But supporting SELinux and using SELinux are very different topics. -</p> -<p> -In order to properly identify resources, SELinux needs to assign labels to these -resources. When the resources are in-memory, this is mostly supported by the -Linux kernel itself, but for persistent resources such as files, these labels -need to be placed somewhere. SELinux has chosen to use a file's extended -attributes (which is stored on the file system itself). The advantage here is -that a label remains on the file even if the file is renamed. A disadvantage of -this approach is that the file system must support <span class="emphasis">extended attributes</span>, -which not all file systems do (or have activated). -</p> -<p> -SELinux also uses roles to govern resource access. 
A user that does not have -access to the system administration role should never be allowed to execute any -system administration activities even if he is able to escalate its privileges -(say through a set-uid application). To support roles, SELinux requires changes -to the authentication services (PAM) and needs to store role definitions and -authorizations somewhere. -</p> -<p> -Next to the kernel support and labels assigned to the resources and support -within the authorization system, SELinux also requires particular tools to -support the SELinux features. Examples are administrative tools to view and -manipulate labels, privilege management tools (like <span class="code" dir="ltr">sudo</span>), system -services (like SysVInit) etc. This is reflected in a set of patches -against these (and more) tools which are not always part of the applications' -main source code. -</p> -<p class="secthead"><a name="doc_chap1_sect1">Gentoo Hardened and SELinux</a></p> -<p> -What Gentoo Hardened offers is SELinux integrated in the distribution. When you -select SELinux support, Gentoo Hardened will apply the necessary patches against -the applications and help you (re)label your files and other resources to become -SELinux-manageable. Gentoo Hardened also integrates SELinux support inside -Portage, allowing for newly installed files to be automatically labeled and to -use a SELinux-supporting sandbox environment for -safe package building. -</p> -<p> -Next to the pure technological support, we hope that you will also find the -necessary supporting documents, guides, experience and on-line support for using -SELinux within Gentoo. Never hesitate to come and say hi on the -<span class="code" dir="ltr">#gentoo-hardened</span> chat channel in the Freenode IRC network or on our -mailing lists. -</p> -<p> -If you believe that SELinux is the right thing for you and you want to try it -out using Gentoo Hardened, please read on. 
The next chapter will inform you how -SELinux security is "designed" and how it is conceptually structured. Further -chapters will then help you with the authorization language and the "base" -policies that most distributions start from, and finally help you install, -run and manage a SELinux hardened Gentoo system. -</p> -</td> -<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="alttext">Page updated May 25, 2011</p></td></tr> -<tr lang="en"><td align="center" class="topsep"> -<p class="alttext"><b>Donate</b> to support our development efforts. - </p> -<form action="https://www.paypal.com/cgi-bin/webscr" method="post"> -<input type="hidden" name="cmd" value="_xclick"><input type="hidden" name="business" value="paypal@gentoo.org"><input type="hidden" name="item_name" value="Gentoo Linux Support"><input type="hidden" name="item_number" value="1000"><input type="hidden" name="image_url" value="http://www.gentoo.org/images/paypal.png"><input type="hidden" name="no_shipping" value="1"><input type="hidden" name="return" value="http://www.gentoo.org"><input type="hidden" name="cancel_return" value="http://www.gentoo.org"><input type="image" src="http://images.paypal.com/images/x-click-but21.gif" name="submit" alt="Donate to Gentoo"> -</form> -</td></tr> -<tr lang="en"><td align="center"><iframe src="http://sidebar.gentoo.org" scrolling="no" width="125" height="850" frameborder="0" style="border:0px padding:0x" marginwidth="0" marginheight="0"><p>Your browser does not support iframes.</p></iframe></td></tr> -</table></td> -</tr></table></td></tr> -<tr><td colspan="2" align="right" class="infohead"> -Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>. -</td></tr> -</table></body> -</html> |