Introduction to SELinux

More documents

Recommendations

Info

Is this enough? • Activites and the traditional security model solves a lot of the problems… • But what, if an attack is successful? • What about misconfiguration? • What about treacherous users? Objective: Reduce the remaining risk by limiting the potential damage caused by the failure of these security mechanisms A Mandatory Access Control system is needed
Current Linux Security Model • Referred to as Discretionary Access Control • Traditional OS/Unix mechanism • Programs runs with the permission of the user executing it • File permissions and ACL • setuid/setgid binaries: mount, passwd, ping • chroot – a restricted filesystem namespace • Root is all powerful • Too coarse grained • root vs non-root gives boolean security model for many cases • Users & programs have complete control • The level of system security is left to the discretion of the applications running on it. Virtually any compromise or misconfiguration of the above can easily lead to total system compromise
Page 1 and 2: Introduction to SELinux Henrik Rydm
Page 3 and 4: Enterprise Linux as a Model • Red
Page 5: Existing OS Security Features • S
Page 9 and 10: What is SELinux? • A system for M
Page 11 and 12: SELinux Type Persistence • Type a
Page 13 and 14: Type Enforcement (TE) • Seven typ
Page 15 and 16: Example - snort.fc # SNORT /usr/(s)
Page 17 and 18: Permissive versus Enforcing • SEL
Page 19 and 20: Strict Policy vs Targeted Policy St
Page 21 and 22: Modified Linux commands
Page 23 and 24: SELinux in the filesystem • main
Page 25 and 26: Why SELinux? • Traditional Linux
Page 27 and 28: Learning More and Getting Involved

Introduction to SELinux

Create successful ePaper yourself

Delete template?

Save as template?