Wednesday, September 21, 2011

Security Blanket Supports SELinux

Security-Enhanced Linux (SELinux) is an enhancement to the standard Linux® kernel that provides fine-grained security by employing Mandatory Access Control (MAC) rules. Security Blanket® v4.0.7 now supports Red Hat® Enterprise Linux 4, 5, and 6 enforcing the default Targeted SELinux policy – as well as Fedora 10 through 13.

The aim of the Targeted policy is to provide additional security to some of the more commonly used daemons such as httpd, dhcpd, mailman, named, portmap, nscd, ntpd, mysqld, postgres, squid, syslogd, winbind, and ypbind by employing MAC rules.

For example, the Apache Web Server (httpd) daemon executes in its own domain, httpd_t. Other daemons on the system which do not have policy written specifically for them run in the domain unconfined_t.

Daemons and system processes running in the unconfined_t domain only use the standard Linux Discretionary Access Control (DAC) method of access control. In SELinux, access is granted to processes on a per-domain basis; each domain has a set of operations it may perform on each type of file, directory, or other resource.

For security reasons, the Security Blanket team preferred not to execute in the unconfined_t domain. Therefore, a specific policy module was written to augment the Targeted policy, which separated Security Blanket's Console, Dispatcher, and Core Engine components into their own domains. For more details and exceptions, please see the Security Blanket Administration Guide.

Processes and files are labeled with an SELinux Context that contains additional information, such as an SELinux user, role, type, and, optionally, a security level. When running SELinux, all of this information is used to make access control decisions. In Red Hat Enterprise Linux, SELinux provides a combination of Role-Based Access Control (RBAC), Type Enforcement® (TE), and, optionally, Multi-Level Security (MLS).


The above image is the output from the ls(1) command using the -Z argument, which displays the SELinux Context assigned to a file object.

In previous releases of Security Blanket, SELinux was not supported because the SELinux Context on file system objects could be destroyed and could only be restored by relabeling the object. Each file system object is referenced by its information node (inode) and the SELinux context is stored as an extended attribute.

Some Security Blanket modules created new files or worked with temporary copies of configuration files, then subsequently copied them to their final location. In these situations, a new information node was assigned. Several modifications to the Security Blanket Core Engine and associated modules were made to restore the SELinux context on such file system objects.
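The inode problem described above, as an added example (not Security Blanket's code): a configuration file is rewritten through a temporary copy, and the context stored in the `security.selinux` extended attribute is read from the old inode and written to the new one before the rename. The function names and the sample file are hypothetical; the sketch assumes Linux and Python 3, and that on an enforcing system the calling domain is permitted by policy to relabel the file.

```python
import errno
import os
import tempfile

SELINUX_XATTR = "security.selinux"  # extended attribute holding the context


def read_context(path):
    """Return the SELinux context stored on path, or None if it has no label."""
    try:
        raw = os.getxattr(path, SELINUX_XATTR)
    except OSError as exc:
        # ENODATA: inode carries no label; ENOTSUP: filesystem has no xattrs.
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise
    return raw.rstrip(b"\0").decode()


def replace_preserving_context(path, new_text):
    """Rewrite path via a temporary copy, carrying mode and context across.

    Returns (old_inode, new_inode, context): the inode changes, the label
    must not.
    """
    before = os.stat(path)
    context = read_context(path)
    # Same directory as the target, so the final rename stays on one filesystem.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(new_text)
        os.chmod(tmp, before.st_mode & 0o7777)
        if context is not None:
            # Label the new inode before it appears under the final name.
            os.setxattr(tmp, SELINUX_XATTR, context.encode() + b"\0")
        os.replace(tmp, path)  # atomic rename: path now names the new inode
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return before.st_ino, os.stat(path).st_ino, context
```

On a host without SELinux the file has no label, `read_context` returns `None`, and the replacement still goes through with the mode preserved.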

In future releases of Security Blanket, we may provide support for the Strict policy with MLS. The goal of MLS policy is to allow a Linux operating system to get EAL4+/LSPP certification. In developing this policy, the fourth field of the security context, the security or sensitivity level, has been turned on; this facilitates the handling of labeled files.

Furthermore, the MLS policy contains rules that not only govern what security types are able to do, but also what they can do when running at a particular security level. In MLS there are two components of the Security Level: the sensitivity level, which can go from s0–s15, and the capabilities, which can go from c0–c255. The Multi Category System (MCS) policy was also added to the Targeted and Strict policies, which confines the sensitivity level to s0 but permits user-defined capabilities.

The Security Blanket team is also watching the National Security Agency's (NSA) Certifiable Linux Integration Platform (CLIP) project. This project defines a specific configuration of SELinux designed to provide the foundation for hosting secure applications.

The Security Blanket team is excited to offer SELinux Targeted policy support and we are anxious to hear from our customers. Finally, if you are interested in using Security Blanket on systems enforcing the Strict policy or you have plans to use configurations defined by CLIP, send us an email at SecurityBlanket@TrustedCS.com.



