Book description

The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is available in widespread and popular distributions of the Linux operating system--including Debian, Fedora, Gentoo, Red Hat Enterprise Linux, and SUSE--all of it free and open source.

SELinux emerged from research by the National Security Agency and implements classic strong-security measures such as role-based access controls, mandatory access controls, and fine-grained transitions and privilege escalation following the principle of least privilege. It compensates for the inevitable buffer overflows and other weaknesses in applications by isolating them and preventing flaws in one application from spreading to others. The scenarios that cause the most cyber-damage these days--when someone gets a toe-hold on a computer through a vulnerability in a local networked application, such as a Web server, and parlays that toe-hold into pervasive control over the computer system--are prevented on a properly administered SELinux system.

The key, of course, lies in the words "properly administered." A system administrator for SELinux needs a wide range of knowledge, such as the principles behind the system, how to assign different privileges to different groups of users, how to change policies to accommodate new software, and how to log and track what is going on. And this is where this book is invaluable. Author Bill McCarty, a security consultant who has briefed numerous government agencies, incorporates his intensive research on SELinux into this small but information-packed book. Topics include:

  • A readable and concrete explanation of SELinux concepts and the SELinux security model

  • Installation instructions for numerous distributions

  • Basic system and user administration

  • A detailed dissection of the SELinux policy language

  • Examples and guidelines for altering and adding policies

With SELinux, a high-security computer is within reach of any system administrator. If you want an effective means of securing your Linux system--and who doesn't?--this book provides the means.

Table of Contents

  1. SELinux
    1. Preface
      1. Organization of This Book
      2. Conventions Used in This Book
        1. Keyboard Accelerators
      3. Using Code Examples
      4. How to Contact Us
      5. Acknowledgments
    2. 1. Introducing SELinux
      1. Software Threats and the Internet
        1. Software complexity
          1. Network connectivity
            1. Active content and mobile code
        2. Privilege Escalation
        3. The Patch Cycle and the 0-Day Problem
        4. Protecting Against 0-Days
        5. Network and Host Defenses
          1. Network defenses
            1. Network firewalls
            2. Network intrusion detection and prevention systems
          2. Host defenses
            1. Host firewalls and intrusion detection systems
            2. Logging and auditing
            3. Memory protection
            4. Sandboxes
            5. Access-control lists
        6. Discretionary and Mandatory Access Control
          1. Discretionary access control
          2. Mandatory access control
      2. SELinux Features
        1. How SELinux Works
        2. SELinux Components and Linux Security Modules (LSM)
      3. Applications of SELinux
      4. SELinux History
      5. Web and FTP Sites
        1. Mailing Lists
    3. 2. Overview of the SELinux Security Model
      1. Subjects and Objects
      2. Security Contexts
      3. Transient and Persistent Objects
      4. Access Decisions
      5. Transition Decisions
      6. SELinux Architecture
        1. Kernel-Level Code
        2. The SELinux Shared Library
        3. The SELinux Security Policy
        4. SELinux Tools
          1. SELinux commands
          2. Modified Linux commands and programs
          3. Supplementary SELinux tools
        5. References
    4. 3. Installing and Initially Configuring SELinux
      1. SELinux Versions
      2. Installing SELinux
      3. Linux Distributions Supporting SELinux
        1. Fedora Core 2
      4. Installation Overview
      5. Installing SELinux from Binary or Source Packages
        1. Debian GNU/Linux
        2. Gentoo Linux
          1. Installing SELinux to a fresh Gentoo system
          2. Installing SELinux to an existing Gentoo Linux system
        3. RPM-Based Distributions
          1. Red Hat Enterprise Linux
          2. SUSE Linux
      6. Installing from Source
    5. 4. Using and Administering SELinux
      1. System Modes and SELinux Tuning
      2. Controlling SELinux
        1. Switching Modes
          1. Setting the initial operating mode
          2. Dynamically setting the operating mode
          3. Disabling SELinux at boot time
        2. Loading the SELinux Security Policy
          1. The SELinux Makefile
          2. The SELinux policy compiler (checkpolicy)
          3. The load_policy utility
        3. Labeling Filesystems and Files
          1. Using the Makefile to label or relabel filesystems
          2. Using commands to label or relabel files or filesystems
            1. The chcon utility
            2. The fixfiles utility
            3. The restorecon utility
            4. The setfiles utility
        4. Tuning Fedora Core 2 SELinux
          1. Tuning via macros
          2. Tuning via policy Booleans
            1. Setting Booleans via the /selinux filesystem
      3. Routine SELinux System Use and Administration
        1. Entering a Role
          1. Changing roles
        2. Viewing Security Contexts
          1. Viewing the user security context
          2. Viewing a file security context
          3. Viewing a process security context
        3. Adding Users
          1. Associating a user with a nondefault role
          2. How default roles are assigned
          3. Setting user passwords
        4. Starting and Controlling Daemons
          1. Starting non-init daemons and programs
      4. Monitoring SELinux
        1. SELinux Log Message Format
        2. SELinux Logging Subtleties
        3. The Audit2allow Utility
      5. Troubleshooting SELinux
        1. Boot Problems
        2. Local Login Problems
        3. Program Execution Problems
        4. Daemon Problems
        5. X Problems
    6. 5. SELinux Policy and Policy Language Overview
      1. The SELinux Policy
      2. Two Forms of an SELinux Policy
      3. Anatomy of a Simple SELinux Policy Domain
        1. The snort.fc File
        2. The snort.te File
          1. The type line
          2. The allow lines
          3. Macro invocations
      4. SELinux Policy Structure
        1. The flask Subdirectory
          1. The flask/initial_sids file
          2. The flask/security_classes file
          3. The flask/access_vectors file
        2. The macros Subdirectory
        3. The file_contexts Subdirectory
        4. The types Subdirectory
        5. The domains Subdirectory
        6. The appconfig Subdirectory
        7. The Policy Source Directory
    7. 6. Role-Based Access Control
      1. The SELinux Role-Based Access Control Model
      2. Railroad Diagrams
        1. What Railroad Diagrams Do
        2. How Railroad Diagrams Work
      3. SELinux Policy Syntax
        1. Basic Policy Elements
      4. User Declarations
      5. Role-Based Access Control Declarations
        1. Role Type Declarations
        2. Role Dominance Declarations
        3. Role Transition Declarations
        4. Role Allow Declarations
    8. 7. Type Enforcement
      1. The SELinux Type-Enforcement Model
      2. Review of SELinux Policy Syntax
      3. Type-Enforcement Declarations
        1. Type Declarations
        2. Type-Alias Declarations
        3. Attribute Declarations
        4. TE Access-Vector Declarations
          1. Special notations for types, classes, and permissions
          2. Macros that specify and authorize transitions
        5. Transition Declarations
        6. Boolean Declarations
        7. Conditional Declarations
      4. Examining a Sample Policy
    9. 8. Ancillary Policy Statements
      1. Constraint Declarations
      2. Other Context-Related Declarations
        1. Syntax of Initial SID Context Declarations
        2. Syntax of Filesystem Labeling Declarations
        3. Syntax of Genfs Declarations
        4. Syntax of Network Declarations
          1. Portcon declarations
          2. Netifcon declarations
          3. Nodecon declarations
      3. Flask-Related Declarations
        1. Syntax of security_classes
        2. Syntax of initial_sids
        3. Syntax of access_vectors
    10. 9. Customizing SELinux Policies
      1. The SELinux Policy Source Tree
      2. On the Topics of Difficulty and Discretion
      3. Using the SELinux Makefile
      4. Creating an SELinux User
        1. Adding a System Administrator
        2. Adding an Ordinary User
      5. Customizing Roles
      6. Adding Permissions
      7. Allowing a User Access to an Existing Domain
      8. Creating a New Domain
        1. Determine What Files Are Related to the Domain
        2. Determine the Security Contexts of the Files
        3. Decide on Appropriate Security Contexts for the New Domain
        4. Create a Basic TE File
        5. Create a Basic FC File
        6. Delete Conflicting Specifications from Other FC Files
        7. Load the Revised Policy and Label the Domains
        8. Test and Revise the TE and FC Files as Needed
      9. Using Audit2allow
      10. Policy Management Tools
        1. Apol
          1. Policy components
          2. Policy rules
          3. Analysis
        2. Seaudit
        3. Sepcut
        4. Seuserx
      11. The Road Ahead
    11. A. Security Object Classes
    12. B. SELinux Operations
    13. C. SELinux Macros Defined in src/policy/macros
    14. D. SELinux General Types
    15. E. SELinux Type Attributes
    16. Index
    17. Colophon