Load2010 Se Linux Presentation

Transcript

  • 1. An Introduction to SELinux
      Toshaan Bharvani - VanTosh bvba <toshaan@vantosh.com>
      Linux Open Administration Days, 10 April 2010
  • 2. $ whoami
      - Toshaan Bharvani
      - Currently working at VanTosh
      - Has been involved with CentOS
      - Likes to keep everything secure
      - Involved with hardware and software
  • 3. Table of contents
      1 Introduction
      2 How to use it
        - SELinux states
        - Managing SELinux Policies
  • 4. Part 1: Introduction
  • 5. What is SELinux
      - SELinux = Security-Enhanced Linux
      - Mechanism for supporting mandatory access control security policies
      - Linux Security Modules (LSM) run in the Linux kernel
  • 6. SELinux features
      - Separation of policy from enforcement
      - Predefined policy interfaces
      - Support for applications querying the policy and enforcing access control
      - Independent of specific policies, policy languages, security label formats and contents
      - Caching of access decisions for efficiency
      - Policy changes are possible (!!!)
      - Separate measures for protecting system integrity and data confidentiality
      - Controls over process initialization and inheritance and program execution
      - Controls file systems, directories, files, and open file descriptors
      - Controls over sockets, messages, and network interfaces
  • 7. Where is SELinux
      - Red Hat Enterprise Linux v4 / v5
      - CentOS v4 / v5
      - Novell SLES, OpenSuSE
      - Gentoo
      - Debian
      - ...
  • 8. Misconceptions about SELinux
      - “Life is too short for SELinux” – Theodore Ts’o
      - Upstream vendors require me to disable SELinux
  • 9. Why use SELinux?
      - It confines services in compartments
      - No, it isn’t difficult
      - Increases security
  • 10. Part 2: How to use it
  • 11. Changing SELinux states
      - Enforcing: Enable and enforce the SELinux security policy on the system, denying access and logging actions
      - Permissive: Enables, but will not enforce the security policy, only warn and log actions
      - Disabled: SELinux is turned off
  • 12. Checking the state of SELinux
      - sestatus
      - Enforcing
      - Permissive
  • 13. Access Control
      - Type Enforcement (TE): The primary mechanism of access control used in the targeted policy
      - Role-Based Access Control (RBAC): Based around SELinux users (not necessarily the same as the Linux user)
      - Multi-Level Security (MLS): Not used and often hidden in the default targeted policy.
  • 14. Relabelling files
      - chcon -R -t httpd_sys_content_t /usr/srv/www
      - semanage fcontext -a -t httpd_sys_content_t "/usr/srv/www(/.*)?"
      - restorecon -Rv -n /var/www/html
      Relabelling the whole filesystem
      - genhomedircon
      - touch /.autorelabel
      - reboot
  • 15. Enabling bools & ports
      Managing ports
      - semanage port -l
      - semanage port -a -t http_port_t -p tcp 8181
      Managing predefined policies
      - getsebool -a | grep samba
      - setsebool -P samba_enable_home_dirs on
  • 16. Generating policies
      - less /var/log/audit/audit.log
      - grep zarafa /var/log/audit/audit.log | audit2allow -m zarafa > zarafa.te
  • 17. Some Policy
      - Dovecot Policy
      - Zarafa Policy
      - Spamassassin Policy
  • 18. The End
      Thank You
      Toshaan Bharvani - VanTosh bvba <toshaan@vantosh.com>
      http://www.vantosh.com/publications
      Made with LaTeX Beamer, a TeX-based presentation program
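
The "Generating policies" slide pipes AVC denials into audit2allow. The script below is an added example, not taken from the slides, that shows how each denial record maps to a type enforcement `allow` rule, so the content of a generated `.te` file can be reviewed before it is loaded. The audit records, the `zarafa_server_t` domain and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise AVC denials as candidate TE allow rules.

# Constructed sample of /var/log/audit/audit.log (not real log data).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1270886400.101:41): avc:  denied  { read } for  pid=2101 comm="zarafa-server" name="server.cfg" dev=dm-0 ino=3001 scontext=system_u:system_r:zarafa_server_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1270886400.102:42): avc:  denied  { open } for  pid=2101 comm="zarafa-server" name="server.cfg" dev=dm-0 ino=3001 scontext=system_u:system_r:zarafa_server_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1270886400.350:43): avc:  denied  { name_bind } for  pid=2101 comm="zarafa-server" src=236 scontext=system_u:system_r:zarafa_server_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1270886401.010:44): avc:  denied  { read } for  pid=900 comm="httpd" name="index.html" dev=dm-0 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1270886400.350:43): arch=c000003e syscall=49 success=no exit=-13 comm="zarafa-server" exe="/usr/bin/zarafa-server"
EOF
}

# avc_to_rules PATTERN: read audit records on stdin, keep AVC denials that
# contain PATTERN, and print one merged allow rule per
# (source type, target type, object class).
avc_to_rules() {
    awk -v pat="$1" '
        index($0, "avc:") && index($0, "denied") && index($0, pat) {
            # Denied permissions are listed between the braces.
            b = index($0, "{"); e = index($0, "}")
            n = split(substr($0, b + 1, e - b - 1), perm, " ")
            s = t = c = ""
            for (i = 1; i <= NF; i++) {
                # A context is user:role:type:level; the type is field 3.
                if ($i ~ /^scontext=/) { split($i, f, ":"); s = f[3] }
                if ($i ~ /^tcontext=/) { split($i, f, ":"); t = f[3] }
                if ($i ~ /^tclass=/)   { c = substr($i, 8) }
            }
            if (s == "" || t == "" || c == "" || n == 0) next
            key = s " " t ":" c
            for (i = 1; i <= n; i++)
                if (!((key, perm[i]) in seen)) {
                    seen[key, perm[i]] = 1
                    rule[key] = rule[key] " " perm[i]
                }
        }
        END { for (k in rule) print "allow " k " {" rule[k] " };" }
    ' | sort
}

sample_audit_log | avc_to_rules zarafa
```

Each printed line is a permission the module would grant; a rule against a broad target type such as `port_t` or `etc_t` is usually better handled by labelling the specific port or file (`semanage port`, `semanage fcontext`) than by allowing it.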
