Diffstat (limited to 'html/selinux/hb-intro-enhancingsecurity.html')
-rw-r--r-- html/selinux/hb-intro-enhancingsecurity.html 219
1 files changed, 0 insertions, 219 deletions
diff --git a/html/selinux/hb-intro-enhancingsecurity.html b/html/selinux/hb-intro-enhancingsecurity.html
deleted file mode 100644
index 09b8c12..0000000
--- a/html/selinux/hb-intro-enhancingsecurity.html
+++ /dev/null
@@ -1,219 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html lang="en">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css">
-<link REL="shortcut icon" HREF="favicon.ico" TYPE="image/x-icon">
-<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
-<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
-<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
-<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
-<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
-<title>Gentoo Linux Handbook Page
---
- </title>
-</head>
-<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
-<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
-<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
-<td width="99%" class="content" valign="top" align="left">
-<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
- </span>Introduction</p>
-<p class="secthead"><a name="doc_chap1_sect1">A Warm Welcome</a></p>
-<p>
-Welcome to the Gentoo SELinux handbook. In this resource, we will bring you up
-to speed with Gentoo Hardened's implementation of SELinux and the policies
-involved. Part of this exercise is to help you understand why SELinux was
-brought to life and which concept is behind the development of the SELinux
-patches. We will cover the SELinux concepts, the reference policy that Gentoo
-Hardened uses and elaborate on how to work with the various SELinux tools.
-</p>
-<p>
-The purpose of this book is not to explain SELinux itself in great detail. There
-are many references available on the Internet and in the better bookstores that
-help you with the SELinux topic. Instead, we will focus on SELinux integration
-within Gentoo Hardened. Of course, we will give a quick introduction to SELinux
-to allow you to understand how it works, what it is and help you identify which
-actions you will need to take in order to properly secure your system using the
-SELinux tools.
-</p>
-<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
- </span>Securing Linux</p>
-<p class="secthead"><a name="doc_chap1_sect1">Security In General</a></p>
-<p>
-Security is often seen as a vague concept. What is security in general? How do
-you measure security? What is the benefit and how do you make sure you do not
-put too much effort in securing your system?
-</p>
-<p>
-Well, security zealots will tell you that there is no such thing as too much
-security. If properly implemented, security does not restrict functionality or
-performance. It does not give you too much overhead in order to do your tasks.
-But implementing security properly is a different and time-consuming task. That
-is also why you often hear that security is as good as its administrator.
-</p>
-<p>
-So, how can you look at security? A good practice on security is to define your
-security goals. List what you want to achieve and why. By tracking the threats
-that you want to minimize, you build up a security model that is appropriate for
-your environment. Such threats can be very broad, such as "Ensure no-one is able
-to work around our security measures".
-</p>
-<p>
-In case of a Linux system powered with SELinux, this would at least mean that
-you want to protect critical system files, such as kernel image(s) and boot
-loader configuration, passwords and the SELinux policy binary itself from being
-written by anyone or anything except trusted processes.
-</p>
-<p class="secthead"><a name="doc_chap1_sect1">Access Control</a></p>
-<p>
-A decent access control system (or group of systems) ensures that only
-authorized individuals or processes are granted access to the resources they are
-tring to work with.
-</p>
-<p>
-Before one can implement an access control system, you first need to have proper
-authentication in place. If your authentication schemes are flawed, your access
-control system might not be able to differentiate legitimate users from
-malicious ones.
-</p>
-<p>
-Authenticating users within Linux is often done through PAM (<span class="emphasis">Pluggable
-Authentication Modules</span>), a powerful mechanism to integrate multiple
-low-level authentication schemes into a high-level interface.
-</p>
-<p>
-Authorizing access to resources however is often done through a simple
-permission scheme. Most resources are not hidden by default, although
-patches and updates exist (such as those offered by Gentoo Hardened's
-kernel sources with grSecurity patches which includes support for this
-kind of measures). File-system wise, you can hide the existence of files
-by ensuring the directory in which the file resides is not readable nor
-"executable" by unauthorized accounts.
-</p>
-<p>
-This default permission scheme has major drawbacks. It does not allow you to
-define very flexible authorizations (it only allows permissions on three levels:
-owner, group-owner and everybody else) and is limited to read/write/execute
-rights (although a few additional attributes are supported nowadays as well).
-</p>
-<p>
-Another drawback is that the permission scheme is <span class="emphasis">discretionary</span>, meaning
-that users and processes are able to change the security policy in place.
-</p>
-<p>
-For the majority of uses, this permission scheme is sufficient and has proven to
-offer a decent method for managing access authorizations. But the drawbacks have
-shown to be a major hole in the Linux' offering.
-</p>
-<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
- </span>Mandatory Access Control</p>
-<p class="secthead"><a name="doc_chap1_sect1">Enter SELinux</a></p>
-<p>
-If the above mentioned discretionary access control, abbreviated to <span class="emphasis">DAC</span>,
-is not sufficient (and if you are keen on security, you will not find it
-sufficient), you need a <span class="emphasis">Mandatory</span> Access Control, or <span class="emphasis">MAC</span> system.
-</p>
-<p>
-When using a MAC system, activities that a process wants to perform on another
-resource need to be explicitly allowed. It offers a higher granularity on
-permissions as well as resources. They often support not only files, but also
-sockets, ports, memory segments, queues, processes, kernel services, system
-calls, devices, file systems and more. The granularity of activities supported
-is also quite large. For files, this can be append, create, execute, write,
-link, ioctl, get- and setattr, read, rename, lock, ... whereas for sockets this
-might be append, bind, connect, create, write, sendto, accept, ... Also, when
-using a MAC system, no user or process can manipulate the security policy
-itself: what the security administrator has defined cannot be overturned.
-</p>
-<p>
-This is where SELinux comes to play. SELinux is a Linux kernel feature which
-implements, amongst other things, a MAC system for controlling and governing
-access to various resources. It uses a deny-by-default permission scheme, so any
-access that a process wants to perform needs to be explicitly granted.
-</p>
-<p>
-SELinux also allows you to put a finer-grained permission model <b>on top
-of</b> the traditional DAC system (which is still in use when using SELinux
-- in other words, if the traditional system does not allow certain activities,
-it will not be allowed even if there are SELinux policies granting the
-permission).
-</p>
-<p class="secthead"><a name="doc_chap1_sect1">What is SELinux</a></p>
-<p>
-To support this finer-grained permission model, you would think that changes
-are needed to the Linux kernel. Yet thanks to the Linux kernel <span class="emphasis">LSM</span>
-interface (<span class="emphasis">Linux Security Modules</span>), support for SELinux was easily added
-and since the 2.6 kernel series, SELinux has been integrated in the mainstream
-kernel release. But supporting SELinux and using SELinux are very different topics.
-</p>
-<p>
-In order to properly identify resources, SELinux needs to assign labels to these
-resources. When the resources are in-memory, this is mostly supported by the
-Linux kernel itself, but for persistent resources such as files, these labels
-need to be placed somewhere. SELinux has chosen to use a file's extended
-attributes (which is stored on the file system itself). The advantage here is
-that a label remains on the file even if the file is renamed. A disadvantage of
-this approach is that the file system must support <span class="emphasis">extended attributes</span>,
-which not all file systems do (or have activated).
-</p>
-<p>
-SELinux also uses roles to govern resource access. A user that does not have
-access to the system administration role should never be allowed to execute any
-system administration activities even if he is able to escalate its privileges
-(say through a set-uid application). To support roles, SELinux requires changes
-to the authentication services (PAM) and needs to store role definitions and
-authorizations somewhere.
-</p>
-<p>
-Next to the kernel support and labels assigned to the resources and support
-within the authorization system, SELinux also requires particular tools to
-support the SELinux features. Examples are administrative tools to view and
-manipulate labels, privilege management tools (like <span class="code" dir="ltr">sudo</span>), system
-services (like SysVInit) etc. This is reflected in a set of patches
-against these (and more) tools which are not always part of the applications'
-main source code.
-</p>
-<p class="secthead"><a name="doc_chap1_sect1">Gentoo Hardened and SELinux</a></p>
-<p>
-What Gentoo Hardened offers is SELinux integrated in the distribution. When you
-select SELinux support, Gentoo Hardened will apply the necessary patches against
-the applications and help you (re)label your files and other resources to become
-SELinux-manageable. Gentoo Hardened also integrates SELinux support inside
-Portage, allowing for newly installed files to be automatically labeled and to
-use a SELinux-supporting sandbox environment for
-safe package building.
-</p>
-<p>
-Next to the pure technological support, we hope that you will also find the
-necessary supporting documents, guides, experience and on-line support for using
-SELinux within Gentoo. Never hesitate to come and say hi on the
-<span class="code" dir="ltr">#gentoo-hardened</span> chat channel in the Freenode IRC network or on our
-mailing lists.
-</p>
-<p>
-If you believe that SELinux is the right thing for you and you want to try it
-out using Gentoo Hardened, please read on. The next chapter will inform you how
-SELinux security is "designed" and how it is conceptually structured. Further
-chapters will then help you with the authorization language and the "base"
-policies that most distributions start from, and finally help you install,
-run and manage a SELinux hardened Gentoo system.
-</p>
-</td>
-<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="alttext">Page updated May 25, 2011</p></td></tr>
-<tr lang="en"><td align="center" class="topsep">
-<p class="alttext"><b>Donate</b> to support our development efforts.
- </p>
-<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
-<input type="hidden" name="cmd" value="_xclick"><input type="hidden" name="business" value="paypal@gentoo.org"><input type="hidden" name="item_name" value="Gentoo Linux Support"><input type="hidden" name="item_number" value="1000"><input type="hidden" name="image_url" value="http://www.gentoo.org/images/paypal.png"><input type="hidden" name="no_shipping" value="1"><input type="hidden" name="return" value="http://www.gentoo.org"><input type="hidden" name="cancel_return" value="http://www.gentoo.org"><input type="image" src="http://images.paypal.com/images/x-click-but21.gif" name="submit" alt="Donate to Gentoo">
-</form>
-</td></tr>
-<tr lang="en"><td align="center"><iframe src="http://sidebar.gentoo.org" scrolling="no" width="125" height="850" frameborder="0" style="border:0px padding:0x" marginwidth="0" marginheight="0"><p>Your browser does not support iframes.</p></iframe></td></tr>
-</table></td>
-</tr></table></td></tr>
-<tr><td colspan="2" align="right" class="infohead">
-Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
-</td></tr>
-</table></body>
-</html>
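Review bot: Nothing in this change accounts for inbound links to the page being removed. The hunk `@@ -1,219 +0,0 @@` deletes html/selinux/hb-intro-enhancingsecurity.html in full, and the diffstat shows 1 file changed with 0 insertions, so no index page, redirect or replacement is touched alongside it. Please confirm that no remaining page under html/selinux/ still links to this file, and say in the commit message where the introductory material on DAC versus MAC, file labels in extended attributes, and roles now lives, so readers following old links to this SELinux handbook chapter can find it.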