Security Models Lab
ATOL: SELinux
Marek Grác, xgrac@fi.muni.cz
Red Hat Czech s.r.o. / Faculty of Informatics, Masaryk University
Advanced Topics of Linux Administration

Basic Terms
- Policy: rules for access decision making
- Security attributes: metadata assigned to individual processes and resources
- Decision maker: kernel, DB server, X, Apache, ...

Discretionary Access Controls (DAC)
- Basic access control policies on objects
- Set at the discretion of the owner of the object (e.g. file permissions rwx)
- Users (root and non-root), groups
- Processes can change security attributes
- Coarse granularity based on UID, GID

SELinux I
- Implemented using the Linux Security Modules (LSM) framework
- Transparent to most applications
- Fine granularity
- MAC-based policy: normal processes cannot change security attributes

SELinux II
- Basic forms of access control:
  - Type Enforcement (TE): primary
  - Role-Based Access Control (RBAC)
  - Multi-Level Security (MLS): Bell-LaPadula
- Configuration written in a policy description language
- Configuration files for the system stored in one place
- Three basic policies (targeted, strict, mls)
- Access is denied by default
- Rights can only be added to an existing policy

SELinux III
- Processes (subjects) and resources (objects) have a security context
- ls -Z, ps axZ, id -Z

Type Enforcement I
- Based on the security attribute "type"
- A type is given to both subjects and objects
- Attributes for an access control decision: subject type, object type, security class, operation
- Example: httpd_t, httpd_sys_content_t, file, read

Type Enforcement II: Initial type
- Files inherit the type of their directory
- Privileged subjects can explicitly set the context (e.g. chcon)
- Child processes inherit the type of their parent
- Transition rules: init (init_t) -> httpd init script (initrc_t) -> httpd (httpd_t)

Lab: Installation
Goals:
- Create a file with permission 0777 that cannot be read by a normal user
- Use SELinux to block access to 'ping' for normal users

Lab: Prepare a paper
Theme: Describe AppArmor and compare it to SELinux
Format:
- Short presentation (15-20 minutes; 5-7 slides)
- Paper containing the comparison (500 words)
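The Type Enforcement slides list the four attributes of an access decision (subject type, object type, class, operation) and note that access is denied by default and rights can only be added. The following shell script is an added example, not part of the slides and not a lab solution: it writes a minimal policy module in the raw SELinux policy language that declares a new object type and grants exactly one allow rule to httpd_t, mirroring the slide's httpd_t / httpd_sys_content_t / file / read tuple. The module name lab_te, the type name lab_secret_t and all paths are constructed for the illustration; the build and labelling steps use the real checkmodule, semodule_package, semodule, semanage and restorecon tools and are only run when those tools exist (they need root on an SELinux host).

```shell
#!/bin/sh
# Added example, not from the slides: a minimal SELinux policy module in the
# raw policy language. The module name lab_te, the type lab_secret_t and all
# paths are constructed for this illustration.

# Write a .te source file. $1 = output path, $2 = name of the new object type.
write_te_module() {
    out="$1"
    secret_type="${2:-lab_secret_t}"
    cat > "$out" <<EOF
module lab_te 1.0;

# Types and classes this module refers to but does not define.
require {
    type httpd_t;
    class file { getattr open read };
}

# A new object type. No other domain gets an allow rule for it, so a process
# outside httpd_t is denied regardless of the file's rwx bits: TE denies by
# default, and DAC permissions cannot grant what the policy withholds.
type ${secret_type};

# The four attributes of a TE decision: subject type, object type, class, operations.
allow httpd_t ${secret_type}:file { getattr open read };

# Shape of a domain-transition rule (initrc_t -> httpd_t from the slide), shown
# as a comment only: a real transition also needs execute, transition and
# entrypoint allow rules of its own.
#   type_transition initrc_t httpd_exec_t:process httpd_t;
EOF
    printf '%s\n' "$out"
}

# Count the allow rules in a generated .te file.
count_allow_rules() {
    grep -c '^allow ' "$1"
}

# Compile and load the module. Requires root and the policycoreutils tools;
# returns 2 (without failing the script) when checkmodule is absent.
build_and_load() {
    te="$1"
    base="${te%.te}"
    if ! command -v checkmodule >/dev/null 2>&1; then
        echo "checkmodule not found; skipping build of $te" >&2
        return 2
    fi
    checkmodule -M -m -o "${base}.mod" "$te" &&
        semodule_package -o "${base}.pp" -m "${base}.mod" &&
        semodule -i "${base}.pp"
}

# Label a file with the new type. This is the privileged "set context" step
# from the slide; a semanage fcontext rule persists across relabels, whereas a
# bare chcon does not. Not called below because it needs root on an SELinux host.
label_secret() {
    semanage fcontext -a -t lab_secret_t "$1" && restorecon -v "$1"
}

te_file="$(mktemp -d)/lab_te.te"
write_te_module "$te_file" lab_secret_t >/dev/null
echo "policy source written to $te_file ($(count_allow_rules "$te_file") allow rule)"
build_and_load "$te_file" || true
```

After loading, a file labelled lab_secret_t with mode 0777 is still unreadable by any domain other than httpd_t; the slide's `ls -Z` shows the label, and any denial the kernel records in the audit log names the same four attributes the module spells out.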