This document discusses type enforcement access control in SELinux. It explains that in SELinux, access must be explicitly granted through allow rules that specify the source type, target type, object class, and permissions. It uses the example of allowing a user_t process to access bin_t files to illustrate the syntax of allow rules. It then discusses the problems of domain transitions and how SELinux uses entrypoint permissions on executables and type_transition rules to securely allow processes to transition domains and access resources with least privilege, using the example of allowing the passwd program to access the shadow password file when run by a user.
Basic file permissions include read, write, and execute permissions. Read allows opening and reading files, write allows modifying file contents, and execute allows running files. Advanced permissions include SUID, SGID, and sticky bit. SUID runs files as the owner, SGID runs files as the group owner, and sticky bit keeps files in swap space for quick reloading. Permissions are represented numerically and set using chmod with permission, file/directory syntax.
Exploitation and distribution of setuid and setgid binaries on Linux systemsZero Science Lab
Abstract—In an era of internet freedom, lack of control and supervision, every system is exposed to various attackers and malicious users which, given the right circumstances, are able to cause colossal damage. A single security vulnerability can be the reason for a business’ downfall, therefore significant attention needs to be paid to said systems’ security to avoid such issues. Unix-like filesystems define certain access rights flags, named setuid and setgid, which allow users to execute files with the permissions of the file’s owner or group. This can be exploited to gain unprivileged access using buffer overflow attacks. I performed tests by running a script to collect the files in Ubuntu, Debian, Slackware, Fedora and CentOS to find the files with the setuid and setgid bits set. My aim is to determine which distribution is the most secure one and whether Slackware, considering it’s known for its’ secure design and characteristics, will prove its’ reputation. The results show that Debian and CentOS have e least amount of exploitable binaries, while Slackware and Fedora have the most.
This document provides an overview of SELinux, including its introduction, access control mechanisms, policy, administration, and benefits. SELinux is a Linux security module that implements mandatory access controls to confine processes and restrict their access. It defines types for objects like files and directories, domains for processes, and roles to determine what access users and processes have. SELinux policy enforces these controls and can be configured through booleans and modified policy modules. It helps strengthen security by auditing access and confining services like web servers even if they are compromised by an attack.
Host security measures aim to comprehensively protect individual hosts through host-centric approaches tailored to the host's architecture and configuration. This involves securing configurations, access controls, permissions and services on Unix-like systems. Common weaknesses include password issues, exploitable services and improper permissions. Unix uses users, groups and world permissions on files and directories to control access. Proper configuration of these permissions and use of setuid programs is important for security. The Unix password system has evolved from storing passwords in plaintext to using shadow files and stronger encryption.
Host security measures aim to comprehensively protect individual hosts through host-centric approaches tailored to the host's architecture and configuration. This involves securing configurations, access controls, permissions and services on Unix-like systems. Common weaknesses include password issues, exploitable services and improper permissions. Unix uses users, groups and world permissions on files and directories to control access. Sensitive system directories must have proper permissions to balance security and usability. Remote access utilities like rlogin pose risks if not properly configured, so disabling them in favor of SSH is recommended. The Unix password system has evolved from insecure early implementations to more secure modern schemes that hash passwords and store them separately from account details.
This document provides an overview of Security Enhanced Linux (SELinux). It discusses what SELinux is, how it implements mandatory access control on Linux systems, and some basic SELinux concepts like types, users, roles, and the policy. It also covers installing SELinux on CentOS 7 and checking the mode.
101 4.5 manage file permissions and ownership v3Acácio Oliveira
This document discusses Linux file permissions and ownership. It covers commands used to manage permissions and ownership, including chmod, chown, chgrp, umask. Key areas covered include permissions for users, groups and others; permission levels for files and directories; and configuring user and group information stored in /etc/passwd, /etc/shadow, and /etc/groups files. The goal is to teach system administrators how to manage access permissions on files and directories to maintain security.
Basic file permissions include read, write, and execute permissions. Read allows opening and reading files, write allows modifying file contents, and execute allows running files. Advanced permissions include SUID, SGID, and sticky bit. SUID runs files as the owner, SGID runs files as the group owner, and sticky bit keeps files in swap space for quick reloading. Permissions are represented numerically and set using chmod with permission, file/directory syntax.
Exploitation and distribution of setuid and setgid binaries on Linux systemsZero Science Lab
Abstract—In an era of internet freedom, lack of control and supervision, every system is exposed to various attackers and malicious users which, given the right circumstances, are able to cause colossal damage. A single security vulnerability can be the reason for a business’ downfall, therefore significant attention needs to be paid to said systems’ security to avoid such issues. Unix-like filesystems define certain access rights flags, named setuid and setgid, which allow users to execute files with the permissions of the file’s owner or group. This can be exploited to gain unprivileged access using buffer overflow attacks. I performed tests by running a script to collect the files in Ubuntu, Debian, Slackware, Fedora and CentOS to find the files with the setuid and setgid bits set. My aim is to determine which distribution is the most secure one and whether Slackware, considering it’s known for its’ secure design and characteristics, will prove its’ reputation. The results show that Debian and CentOS have e least amount of exploitable binaries, while Slackware and Fedora have the most.
This document provides an overview of SELinux, including its introduction, access control mechanisms, policy, administration, and benefits. SELinux is a Linux security module that implements mandatory access controls to confine processes and restrict their access. It defines types for objects like files and directories, domains for processes, and roles to determine what access users and processes have. SELinux policy enforces these controls and can be configured through booleans and modified policy modules. It helps strengthen security by auditing access and confining services like web servers even if they are compromised by an attack.
Host security measures aim to comprehensively protect individual hosts through host-centric approaches tailored to the host's architecture and configuration. This involves securing configurations, access controls, permissions and services on Unix-like systems. Common weaknesses include password issues, exploitable services and improper permissions. Unix uses users, groups and world permissions on files and directories to control access. Proper configuration of these permissions and use of setuid programs is important for security. The Unix password system has evolved from storing passwords in plaintext to using shadow files and stronger encryption.
Host security measures aim to comprehensively protect individual hosts through host-centric approaches tailored to the host's architecture and configuration. This involves securing configurations, access controls, permissions and services on Unix-like systems. Common weaknesses include password issues, exploitable services and improper permissions. Unix uses users, groups and world permissions on files and directories to control access. Sensitive system directories must have proper permissions to balance security and usability. Remote access utilities like rlogin pose risks if not properly configured, so disabling them in favor of SSH is recommended. The Unix password system has evolved from insecure early implementations to more secure modern schemes that hash passwords and store them separately from account details.
This document provides an overview of Security Enhanced Linux (SELinux). It discusses what SELinux is, how it implements mandatory access control on Linux systems, and some basic SELinux concepts like types, users, roles, and the policy. It also covers installing SELinux on CentOS 7 and checking the mode.
101 4.5 manage file permissions and ownership v3Acácio Oliveira
This document discusses Linux file permissions and ownership. It covers commands used to manage permissions and ownership, including chmod, chown, chgrp, umask. Key areas covered include permissions for users, groups and others; permission levels for files and directories; and configuring user and group information stored in /etc/passwd, /etc/shadow, and /etc/groups files. The goal is to teach system administrators how to manage access permissions on files and directories to maintain security.
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security OverviewShawn Wells
Co-presented with Matt Jamison (Sr Architect, DoD Programs) at the IBM Teach the Teacher (IBM T3) conference. Discussed SELinux, Policy Enforcement, Discretionary Access Control, Multi-Level Security vs Multi-Category Security, Role-Based Access Control, usage of SELinux, Linux Audit Subsystem, and host hardening procedures.
System hacking is the way hackers get access to individual computers on a network. ... This course explains the main methods of system hacking—password cracking, privilege escalation, spyware installation, and keylogging—and the countermeasures IT security professionals can take to fight these attacks.
Chroot and SELinux provide mechanisms for access control and confinement of untrusted programs. Chroot changes a process's root directory, confining it to that subtree. SELinux implements mandatory access control using security contexts and policies to define allowed access between subjects and objects. It can prevent privilege escalation even if the root account is compromised.
Linux systems often have opportunities for privilege escalation through misconfigured files, directories, or binaries. An attacker can use tools like Metasploit, searchsploit, and exploitDB to search for known exploits to escalate privileges on older or outdated systems. System enumeration reveals useful information for privilege escalation like kernel versions, user accounts, permissions, and processes. Misconfigured permissions on files, directories, or binaries with sudo/setuid/setgid can allow escalating privileges by modifying or executing files as a privileged user.
This document discusses Linux file permissions and ownership. It covers managing access permissions on files and directories using tools like chmod, chown, chgrp. It explains Linux permissions in terms of read, write, and execute for users, groups, and others. Directories and files have different permission rules. File ownership associates each file with a user and group, and permissions are checked against the file owner and group to determine access.
This document provides an overview of SELinux including its history and development. It was originally created by the NSA as a way to implement mandatory access controls on Linux systems. Key points discussed include how SELinux implements the Flask architecture and uses security contexts, domains, and a policy language to enforce access controls at a more granular level than traditional Linux permissions. The document also covers SELinux file system labeling and different object classes.
2008-10-15 Red Hat Deep Dive Sessions: SELinuxShawn Wells
This document discusses SELinux and provides details about:
1) The three SELinux policy types - targeted, strict, and multi-level security (MLS). It explains the differences between these policy types.
2) How SELinux works using type enforcement to define security contexts for subjects and objects to enforce access controls.
3) Tools that system administrators can use to manage SELinux policies and troubleshoot issues like semanage, sealert, and audit2allow. It provides examples of using these tools.
4) A scenario where a corporate VPN update broke a user's configuration and how SELinux logs and tools could help fix the issue.
The document discusses various methods for securing Linux files, including setting proper file permissions, monitoring log files for suspicious activity, and automating checks for unauthorized file modifications through tools like Tripwire and Samhain. It emphasizes the importance of carefully configuring file permissions, reviewing log files regularly, and detecting any changes to important system files to maintain security and integrity.
This document provides an overview of security features in UNIX and Linux operating systems. It discusses permissions, access control lists, mandatory access control, password hashing, system patching, sandboxing users and services, and other security concepts. The document aims to educate readers on basic and advanced security techniques available in UNIX/Linux to protect systems from threats.
With respect to the security aspects of Linux- answer the following qu.docxSUKHI5
With respect to the security aspects of Linux, answer the following questions.
1.How does Linux manage/store user names and passwords?
2.What types of privileges are granted to “root†UID ?
Solution
1)How to manage user name and passwords in linux?
We can create new users in two ways one is through useradd command and by using shell script .
Generally Normal user don’t have permissions to create user.root user will have such type of permissions to create user or manage user or giving required privileges to the user.
When coming to the user creation.If the new user get created the user information like username and password are stored in two files which are /etc/passwd and /etc/shadow.
when coming to the /etc/passwd file:
This file contains the fields like username,link for the password file(/etc/shadow),user ID(UID),Group ID(GID),comment,Home directory of that user,shell
This file can be readable by any user.That why the password information has been moved to the /etc/shadow file .This file couldn’t be readable by any other members or users other than root.
When coming to the /etc/shadow file.The fields which are there in this are:
User name , password is in encrypted format ,the days last password changed,days after password must be changed,the days after password expiry(User is disabled after those many number of days),and reserve field.
In this file we will have password in encrypted format .For to encrypt the password linux has followed some algorithms like SHA512.
__________________________________________________________________________________
2) What types of privileges are granted to “root†UID?
Ans)root user will have all the permissions to access the files in the linux or in the linux file system.He has complete access to all the files and commands.He has the ability to read,write and execute any file in the file system(r=read,w=write,x=execute).Usually Administrative people have this root access.With this root permissions theycan have ability to create the new user also.
.
This document discusses adopting SELinux for enhanced security on Android systems. It begins by covering the deficiencies of Discretionary Access Control (DAC) and how SELinux can improve upon it. DAC is the standard access control method in Linux but has flaws that allow unauthorized access. SELinux implements Mandatory Access Control (MAC) which enforces additional access controls through security policies. The document argues that SELinux is well-suited for Android given mobile phones' widespread Internet access and potential for distributed denial of service attacks. While SELinux adds security it can reduce system availability, but the document asserts availability is less important for mobile phones. It concludes that using SELinux on Android can significantly reduce damage from
2008 08-12 SELinux: A Key Component in Secure InfrastructuresShawn Wells
Presented at SHARE Conference, "SELinux: A Key Component in Secure Infrastructures"
Covers "what is SELinux?," Type Enforcement, SELinux Usage, and example scenarios.
This document discusses computer system protection. It outlines goals of protection like preventing unauthorized access. Principles like least privilege aim to minimize damage from compromised access. Protection domains define which objects and operations processes can access. Access matrices represent these access rights. Examples of early capability-based and language-based protection systems are described.
This document provides an overview of network management with Linux. It discusses key topics such as:
- Why Linux is significant, including its growing popularity, power, ability to run on multiple hardware platforms, and speed and stability.
- The basic Linux system structure including user commands, the shell for interpreting commands, and the kernel for managing hardware resources.
- Common shells like Bash used for calling commands and programming.
- Basic Linux file system organization with directories, pathnames, and special filenames.
- File permissions including read, write, and execute permissions for owners, groups and others.
- Virtual file systems and how they provide a consistent view of data storage.
- User management with tools like useradd
The document discusses various topics related to user security in Linux systems. It covers selecting strong passwords, managing passwords using tools like passwd and PAM, using utilities like sudo and vlock to control access, and seeing who is logged into the system. It emphasizes the importance of password security and provides tips for creating secure passwords.
The document contains questions and answers related to network programming and UNIX system concepts. Some key points covered include:
- File descriptors are integers used by the kernel to identify open files for a process. A program is executed as a process, which has a unique process ID.
- There are two types of CPU times in UNIX - user CPU time for user instructions, and system CPU time for when the kernel executes on behalf of the process.
- Common IPC methods in UNIX include pipes, message queues, semaphores and shared memory. Message queues store prioritized messages in a linked list.
The document discusses security concerns related to hacking Novell Netware networks. It covers common default accounts and passwords in Netware that can be exploited, such as the supervisor account. It also describes various password cracking and hacking tools that can be used to attack Netware systems, such as password crackers, and tools to access password files, spoof logs, and conduct denial of service attacks. Finally, it discusses recommended practices for hardening Netware server settings to help prevent attacks.
Sysinternals utilities : a brief introduction to Akshay koshti
A brief intro to all the tools available in the Sysinternals utilities and how to perform various tasks in the forensic domain from the same utilities.
Rainfall intensity duration frequency curve statistical analysis and modeling...bijceesjournal
Using data from 41 years in Patna’ India’ the study’s goal is to analyze the trends of how often it rains on a weekly, seasonal, and annual basis (1981−2020). First, utilizing the intensity-duration-frequency (IDF) curve and the relationship by statistically analyzing rainfall’ the historical rainfall data set for Patna’ India’ during a 41 year period (1981−2020), was evaluated for its quality. Changes in the hydrologic cycle as a result of increased greenhouse gas emissions are expected to induce variations in the intensity, length, and frequency of precipitation events. One strategy to lessen vulnerability is to quantify probable changes and adapt to them. Techniques such as log-normal, normal, and Gumbel are used (EV-I). Distributions were created with durations of 1, 2, 3, 6, and 24 h and return times of 2, 5, 10, 25, and 100 years. There were also mathematical correlations discovered between rainfall and recurrence interval.
Findings: Based on findings, the Gumbel approach produced the highest intensity values, whereas the other approaches produced values that were close to each other. The data indicates that 461.9 mm of rain fell during the monsoon season’s 301st week. However, it was found that the 29th week had the greatest average rainfall, 92.6 mm. With 952.6 mm on average, the monsoon season saw the highest rainfall. Calculations revealed that the yearly rainfall averaged 1171.1 mm. Using Weibull’s method, the study was subsequently expanded to examine rainfall distribution at different recurrence intervals of 2, 5, 10, and 25 years. Rainfall and recurrence interval mathematical correlations were also developed. Further regression analysis revealed that short wave irrigation, wind direction, wind speed, pressure, relative humidity, and temperature all had a substantial influence on rainfall.
Originality and value: The results of the rainfall IDF curves can provide useful information to policymakers in making appropriate decisions in managing and minimizing floods in the study area.
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security OverviewShawn Wells
Co-presented with Matt Jamison (Sr Architect, DoD Programs) at the IBM Teach the Teacher (IBM T3) conference. Discussed SELinux, Policy Enforcement, Discretionary Access Control, Multi-Level Security vs Multi-Category Security, Role-Based Access Control, usage of SELinux, Linux Audit Subsystem, and host hardening procedures.
System hacking is the way hackers get access to individual computers on a network. ... This course explains the main methods of system hacking—password cracking, privilege escalation, spyware installation, and keylogging—and the countermeasures IT security professionals can take to fight these attacks.
Chroot and SELinux provide mechanisms for access control and confinement of untrusted programs. Chroot changes a process's root directory, confining it to that subtree. SELinux implements mandatory access control using security contexts and policies to define allowed access between subjects and objects. It can prevent privilege escalation even if the root account is compromised.
Linux systems often have opportunities for privilege escalation through misconfigured files, directories, or binaries. An attacker can use tools like Metasploit, searchsploit, and exploitDB to search for known exploits to escalate privileges on older or outdated systems. System enumeration reveals useful information for privilege escalation like kernel versions, user accounts, permissions, and processes. Misconfigured permissions on files, directories, or binaries with sudo/setuid/setgid can allow escalating privileges by modifying or executing files as a privileged user.
This document discusses Linux file permissions and ownership. It covers managing access permissions on files and directories using tools like chmod, chown, chgrp. It explains Linux permissions in terms of read, write, and execute for users, groups, and others. Directories and files have different permission rules. File ownership associates each file with a user and group, and permissions are checked against the file owner and group to determine access.
This document provides an overview of SELinux including its history and development. It was originally created by the NSA as a way to implement mandatory access controls on Linux systems. Key points discussed include how SELinux implements the Flask architecture and uses security contexts, domains, and a policy language to enforce access controls at a more granular level than traditional Linux permissions. The document also covers SELinux file system labeling and different object classes.
2008-10-15 Red Hat Deep Dive Sessions: SELinuxShawn Wells
This document discusses SELinux and provides details about:
1) The three SELinux policy types - targeted, strict, and multi-level security (MLS). It explains the differences between these policy types.
2) How SELinux works using type enforcement to define security contexts for subjects and objects to enforce access controls.
3) Tools that system administrators can use to manage SELinux policies and troubleshoot issues like semanage, sealert, and audit2allow. It provides examples of using these tools.
4) A scenario where a corporate VPN update broke a user's configuration and how SELinux logs and tools could help fix the issue.
The document discusses various methods for securing Linux files, including setting proper file permissions, monitoring log files for suspicious activity, and automating checks for unauthorized file modifications through tools like Tripwire and Samhain. It emphasizes the importance of carefully configuring file permissions, reviewing log files regularly, and detecting any changes to important system files to maintain security and integrity.
This document provides an overview of security features in UNIX and Linux operating systems. It discusses permissions, access control lists, mandatory access control, password hashing, system patching, sandboxing users and services, and other security concepts. The document aims to educate readers on basic and advanced security techniques available in UNIX/Linux to protect systems from threats.
With respect to the security aspects of Linux- answer the following qu.docxSUKHI5
With respect to the security aspects of Linux, answer the following questions.
1.How does Linux manage/store user names and passwords?
2.What types of privileges are granted to “root†UID ?
Solution
1)How to manage user name and passwords in linux?
We can create new users in two ways one is through useradd command and by using shell script .
Generally Normal user don’t have permissions to create user.root user will have such type of permissions to create user or manage user or giving required privileges to the user.
When coming to the user creation.If the new user get created the user information like username and password are stored in two files which are /etc/passwd and /etc/shadow.
when coming to the /etc/passwd file:
This file contains the fields like username,link for the password file(/etc/shadow),user ID(UID),Group ID(GID),comment,Home directory of that user,shell
This file can be readable by any user.That why the password information has been moved to the /etc/shadow file .This file couldn’t be readable by any other members or users other than root.
When coming to the /etc/shadow file.The fields which are there in this are:
User name , password is in encrypted format ,the days last password changed,days after password must be changed,the days after password expiry(User is disabled after those many number of days),and reserve field.
In this file we will have password in encrypted format .For to encrypt the password linux has followed some algorithms like SHA512.
__________________________________________________________________________________
2) What types of privileges are granted to “root†UID?
Ans)root user will have all the permissions to access the files in the linux or in the linux file system.He has complete access to all the files and commands.He has the ability to read,write and execute any file in the file system(r=read,w=write,x=execute).Usually Administrative people have this root access.With this root permissions theycan have ability to create the new user also.
.
This document discusses adopting SELinux for enhanced security on Android systems. It begins by covering the deficiencies of Discretionary Access Control (DAC) and how SELinux can improve upon it. DAC is the standard access control method in Linux but has flaws that allow unauthorized access. SELinux implements Mandatory Access Control (MAC) which enforces additional access controls through security policies. The document argues that SELinux is well-suited for Android given mobile phones' widespread Internet access and potential for distributed denial of service attacks. While SELinux adds security it can reduce system availability, but the document asserts availability is less important for mobile phones. It concludes that using SELinux on Android can significantly reduce damage from
2008 08-12 SELinux: A Key Component in Secure InfrastructuresShawn Wells
Presented at SHARE Conference, "SELinux: A Key Component in Secure Infrastructures"
Covers "what is SELinux?," Type Enforcement, SELinux Usage, and example scenarios.
This document discusses computer system protection. It outlines goals of protection like preventing unauthorized access. Principles like least privilege aim to minimize damage from compromised access. Protection domains define which objects and operations processes can access. Access matrices represent these access rights. Examples of early capability-based and language-based protection systems are described.
This document provides an overview of network management with Linux. It discusses key topics such as:
- Why Linux is significant, including its growing popularity, power, ability to run on multiple hardware platforms, and speed and stability.
- The basic Linux system structure including user commands, the shell for interpreting commands, and the kernel for managing hardware resources.
- Common shells like Bash used for calling commands and programming.
- Basic Linux file system organization with directories, pathnames, and special filenames.
- File permissions including read, write, and execute permissions for owners, groups and others.
- Virtual file systems and how they provide a consistent view of data storage.
- User management with tools like useradd
The document discusses various topics related to user security in Linux systems. It covers selecting strong passwords, managing passwords using tools like passwd and PAM, using utilities like sudo and vlock to control access, and seeing who is logged into the system. It emphasizes the importance of password security and provides tips for creating secure passwords.
The document contains questions and answers related to network programming and UNIX system concepts. Some key points covered include:
- File descriptors are integers used by the kernel to identify open files for a process. A program is executed as a process, which has a unique process ID.
- There are two types of CPU times in UNIX - user CPU time for user instructions, and system CPU time for when the kernel executes on behalf of the process.
- Common IPC methods in UNIX include pipes, message queues, semaphores and shared memory. Message queues store prioritized messages in a linked list.
The document discusses security concerns related to hacking Novell Netware networks. It covers common default accounts and passwords in Netware that can be exploited, such as the supervisor account. It also describes various password cracking and hacking tools that can be used to attack Netware systems, such as password crackers, and tools to access password files, spoof logs, and conduct denial of service attacks. Finally, it discusses recommended practices for hardening Netware server settings to help prevent attacks.
Sysinternals utilities : a brief introduction to Akshay koshti
A brief intro to all the tools available in the Sysinternals utilities and how to perform various tasks in the forensic domain from the same utilities.
Rainfall intensity duration frequency curve statistical analysis and modeling...bijceesjournal
Using data from 41 years in Patna’ India’ the study’s goal is to analyze the trends of how often it rains on a weekly, seasonal, and annual basis (1981−2020). First, utilizing the intensity-duration-frequency (IDF) curve and the relationship by statistically analyzing rainfall’ the historical rainfall data set for Patna’ India’ during a 41 year period (1981−2020), was evaluated for its quality. Changes in the hydrologic cycle as a result of increased greenhouse gas emissions are expected to induce variations in the intensity, length, and frequency of precipitation events. One strategy to lessen vulnerability is to quantify probable changes and adapt to them. Techniques such as log-normal, normal, and Gumbel are used (EV-I). Distributions were created with durations of 1, 2, 3, 6, and 24 h and return times of 2, 5, 10, 25, and 100 years. There were also mathematical correlations discovered between rainfall and recurrence interval.
Findings: Based on findings, the Gumbel approach produced the highest intensity values, whereas the other approaches produced values that were close to each other. The data indicates that 461.9 mm of rain fell during the monsoon season’s 301st week. However, it was found that the 29th week had the greatest average rainfall, 92.6 mm. With 952.6 mm on average, the monsoon season saw the highest rainfall. Calculations revealed that the yearly rainfall averaged 1171.1 mm. Using Weibull’s method, the study was subsequently expanded to examine rainfall distribution at different recurrence intervals of 2, 5, 10, and 25 years. Rainfall and recurrence interval mathematical correlations were also developed. Further regression analysis revealed that short wave irrigation, wind direction, wind speed, pressure, relative humidity, and temperature all had a substantial influence on rainfall.
Originality and value: The results of the rainfall IDF curves can provide useful information to policymakers in making appropriate decisions in managing and minimizing floods in the study area.
Software Engineering and Project Management - Introduction, Modeling Concepts...Prakhyath Rai
Introduction, Modeling Concepts and Class Modeling: What is Object orientation? What is OO development? OO Themes; Evidence for usefulness of OO development; OO modeling history. Modeling
as Design technique: Modeling, abstraction, The Three models. Class Modeling: Object and Class Concept, Link and associations concepts, Generalization and Inheritance, A sample class model, Navigation of class models, and UML diagrams
Building the Analysis Models: Requirement Analysis, Analysis Model Approaches, Data modeling Concepts, Object Oriented Analysis, Scenario-Based Modeling, Flow-Oriented Modeling, class Based Modeling, Creating a Behavioral Model.
artificial intelligence and data science contents.pptxGauravCar
What is artificial intelligence? Artificial intelligence is the ability of a computer or computer-controlled robot to perform tasks that are commonly associated with the intellectual processes characteristic of humans, such as the ability to reason.
› ...
Artificial intelligence (AI) | Definitio
Null Bangalore | Pentesters Approach to AWS IAMDivyanshu
#Abstract:
- Learn more about the real-world methods for auditing AWS IAM (Identity and Access Management) as a pentester. So let us proceed with a brief discussion of IAM as well as some typical misconfigurations and their potential exploits in order to reinforce the understanding of IAM security best practices.
- Gain actionable insights into AWS IAM policies and roles, using hands on approach.
#Prerequisites:
- Basic understanding of AWS services and architecture
- Familiarity with cloud security concepts
- Experience using the AWS Management Console or AWS CLI.
- For hands on lab create account on [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
# Scenario Covered:
- Basics of IAM in AWS
- Implementing IAM Policies with Least Privilege to Manage S3 Bucket
- Objective: Create an S3 bucket with least privilege IAM policy and validate access.
- Steps:
- Create S3 bucket.
- Attach least privilege policy to IAM user.
- Validate access.
- Exploiting IAM PassRole Misconfiguration
-Allows a user to pass a specific IAM role to an AWS service (ec2), typically used for service access delegation. Then exploit PassRole Misconfiguration granting unauthorized access to sensitive resources.
- Objective: Demonstrate how a PassRole misconfiguration can grant unauthorized access.
- Steps:
- Allow user to pass IAM role to EC2.
- Exploit misconfiguration for unauthorized access.
- Access sensitive resources.
- Exploiting IAM AssumeRole Misconfiguration with Overly Permissive Role
- An overly permissive IAM role configuration can lead to privilege escalation by creating a role with administrative privileges and allow a user to assume this role.
- Objective: Show how overly permissive IAM roles can lead to privilege escalation.
- Steps:
- Create role with administrative privileges.
- Allow user to assume the role.
- Perform administrative actions.
- Differentiation between PassRole vs AssumeRole
Try at [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...IJECEIAES
Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network
Design and optimization of ion propulsion dronebjmsejournal
Electric propulsion technology is widely used in many kinds of vehicles in recent years, and aircrafts are no exception. Technically, UAVs are electrically propelled but tend to produce a significant amount of noise and vibrations. Ion propulsion technology for drones is a potential solution to this problem. Ion propulsion technology is proven to be feasible in the earth’s atmosphere. The study presented in this article shows the design of EHD thrusters and power supply for ion propulsion drones along with performance optimization of high-voltage power supply for endurance in earth’s atmosphere.
1. UNIT – 4
2.2 Type Enforcement Access Control
In SELinux, all access must be explicitly granted. SELinux allows no access by default,
regardless of the Linux user/group IDs. Yes, this means that there is no default superuser in
SELinux, unlike root in standard Linux. The way access is granted is by specifying access from a
subject type (that is, a domain) and an object type using an allow rule. An allow rule has four
elements:
Source type(s) Usually the domain type of a process attempting access
Target type(s) The type of an object being accessed by the process
Object class(es) The class of object that the specified access is permitted
Permission(s) The kind of access that the source type is allowed to the target type for the
indicated object classes
As an example, take the following rule:
allow user_t bin_t : file {read execute getattr};
This example shows the basic syntax of a TE allow rule. This rule has two type identifiers: the
source (or subject or domain) type, user_t; and the target (or object) type, bin_t. The identifier
file is the name of an object class defined in the policy (in this case, representing an ordinary
file). The permissions contained within the braces are a subset of the permissions valid for an
instance of the file object class. The translation of this rule would be as follows:
A process with a domain type of user_t can read, execute, or get attributes for a file object with a
type of bin_t.
As we discuss later, permissions in SELinux are substantially more granular than in standard
Linux, where there are only three (rwx). In this case, read and execute are fairly conventional;
getattr is less obvious. Essentially, getattr permission to a file allows a caller to view (not
change) attributes such as date, time, and discretionary access control (DAC) access modes. In a
standard Linux system, a caller may view such information on a file with only search permission
to the file's directory even if the caller does not have read access to the file.
Assuming that user_t is the domain type of an ordinary, unprivileged user process such as a login
shell process, and bin_t is the type associated with executable files that users run with the typical
security privileges (for example, /bin/bash), the rule might be in a policy to allow users to
execute shell programs such as the bash shell.
Note
2. There is no significance to the _t in the type identifier name. This is just a naming convention
used in most SELinux policies; a policy writer can define a type identifier using any convenient
convention allowed by the policy language syntax.
Throughout this chapter, we often depict allowed access using symbols: circles for processes,
boxes for objects, and arrows representing allowed access. For example, Figure 2-1 depicts the
access allowed by the previous allow rule.
Figure 2-1 A depiction of an allow rule
2.2.1 Type Enforcement by Example
SELinux allow rules such as the preceding example are really all there is to granting access in
SELinux. The challenge is determining the many thousands of accesses one must create to
permit the system to work while ensuring that only the necessary permissions are granted, to
make it as secure as possible.
To further explore type enforcement, let's use the example of the password management program
(that is, passwd). In Linux, the password program is trusted to read and modify the shadow
password file (/etc/shadow) where encrypted passwords are stored. The password program
implements its own internal security policy that allows ordinary users to change only their own
password while allowing root to change any password. To perform this trusted job, the password
program needs the ability to move and re-create the shadow file. In standard Linux, it has this
privilege because the password program executable file has the setuid bit set so that when it is
executed by anyone, it runs as root user (which has all access to all files). However, many, many
programs can run as root (in reality, all programs can potentially run as root). This means, any
program (when running as root) has the potential to modify the shadow password file. What type
enforcement enables us to do is to ensure that only the password program (or similar trusted
programs) can access the shadow file, regardless of the user running the program.
Figure 2-2 depicts how the password program might work in an SELinux system using type
enforcement.
Figure 2-2 Type enforcement example: passwd program
3. In this example, we defined two types. The passwd_t type is a domain type intended for use by
the password program. The shadow_t type is the type for the shadow password file. If we
examine such a file on disk, we would see something like this:
# ls -Z /etc/shadow
-r---- root root system_u:object_r:shadow_t shadow
Likewise, examining a process running the password program under this policy would yield this:
# ps -aZ
joe:user_r:passwd_t 16532 pts/0 00:00:00 passwd
For now, you can ignore the user and role elements of the security context and just note the
types.
Examine the allow rule in Figure 2-2 The purpose of this rule is to give the passwd process'
domain type (passwd_t) the access to the shadow's file type (shadow_t) needed to allow the
process to move and create a new shadow password file. So, in reexamining Figure 2-2, we see
that the depicted process running the password program (passwd) can successfully manage the
shadow password file because it has an effective user ID of root (standard Linux access control)
and because a TE allow rule permits it adequate access to the shadow password file's type
(SELinux access control). Both are necessary, neither is sufficient.
2.2.2 The Problem of Domain Transitions
If all we had to do was provide allowed access for processes to objects such as files, writing a TE
policy would be straightforward. However, we have to figure out a way to securely run the right
programs in a process with the right domain type. For example, we do not want programs not
trusted to access the shadow file to somehow execute in a process with the passwd_t domain
type. This could be disastrous. This problem brings us to the issue of domain transitions.
To illustrate, examine Figure 2-3, in which we expand upon the previous password program
example. In a typical system, a user (say Joe) logs in, and through the magic of the login process,
a shell process is created (for example, running bash). In standard Linux security, the real and
effective user IDs (that is, joe) are the same. [1] In our example SELinux policy, we see that the
process type is user_t, which is intended to be the domain type of ordinary, untrusted user
processes. As Joe's shell runs other programs, the type of the new processes created on Joe's
behalf will keep the user_t domain type unless some other action is taken. So how does Joe
change passwords?
4. Figure 2-3 The problem of domain transitions
We would not want Joe's untrusted domain type user_t to have the capability to read and write
the shadow password file directly because this would allow any program (including Joe's shell)
to see and change the contents of this critical file. As discussed previously, we want only the
password program to have this access, and then only when running with the password domain
type. So, the question is how to provide a safe, secure, and unobtrusive method for transitioning
from Joe's shell running with the user t type to a process running the password program with the
password_t type.
2.2.3 Review of SetUID Programs in Standard Linux Security
Before we discuss how to deal with the problem of domain transitions, let's first review how a
similar problem is handled in standard Linux where the same problem of providing Joe a means
to securely change his password exists. The way Linux solves this problem is by making passwd
a setuid to the root program. If you list the password program file on a typical Linux system, you
see something like this:
# ls -l /usr/bin/password
-r-s—x—x 1 root root 19336 Sep 7 04:11 /usr/bin/passwd
Notice two things about this listing. First the s in the x spot for the owner permission. This is the
so-called setuid bit and means that for any process that executes this file, its effective UID (that
is, the user ID used for access control decisions) will be changed to that of the file owner. In this
case, root is the file owner, and therefore when executed the password program will always run
with the effective user ID of root. Figure 2-4 shows these steps.
Figure 2-4 Password program security in standard Linux (setuid)
What actually happens when Joe runs the password program is that his shell will make a fork()
system call to create a near duplicate of itself. This duplicate process still has the same real and
effective user IDs (joe) and is still running the shell program (bash). However, immediately after
forking, the new process will make an execve() system call to execute the password program.
Standard Linux security requires that the calling user ID (still joe) have x access, which in this
case is true because of the x access to everyone. Two key things happen as a result of the
successful execve() call. First, the shell program running in the new process is replaced by the
password program (passwd). Second, because the setuid bit is set for owner, the effective user ID
is changed from the process' original ID to the file owner ID (root in this case). Because root can
5. access all files, the password program can now access the shadow password file and handle the
request from Joe to change his password.
Use of the setuid bit is well established in UNIX-like operating systems and is a simple and
powerful feature. However, it also illustrates the primary weakness of standard Linux security.
The password program needs to run as root to access the shadow file. However, when running as
root, the password program can effectively access any system resource. This is a violation of the
central security engineering principal of least privilege. As a result, we must trust the password
program to be benign with respect to all other possible actions on the system. For truly secure
applications, the password program requires an extensive code audit to ensure it does not abuse
its extra privilege. Further, when the inevitable unforeseen error makes its way into the password
program, it presents a possible opportunity to introduce vulnerabilities beyond accessing the
shadow password file. Although the password program is fairly simple and highly trusted, think
of the other programs (including login shells) that may and do run as root with that power.
What we would really like is a way to ensure least privilege for the password program and any
other program that must have some privilege. In simple terms, we want the password program to
be able to access only the shadow and other password-related files plus those bare-minimum
system resources necessary to run; and we would like to ensure that no other program but the
password (and similar) programs can access the shadow password file. In this way, we need only
evaluate the password (and similar) programs with respect to its role in managing user accounts
and need not concern ourselves with other programs when evaluating security concerns for user
account management.
This is where type enforcement comes in.
2.2.4 Domain Transitions
As previously shown in Figure 2-2, the allow rule that would ensure that passwd process domain
type (passwd_t) can access the shadow password file. However, we still have the problem of
domain transitions described earlier. Providing for secure domain transition is analogous to the
concept of setuid programs, but with the strength of type enforcement. To illustrate, let's take the
setuid example and add type enforcement (see Figure 2-5).
Figure 2-5 Passwd program security in SELinux (domain transitions)
6. Now our example is more complicated. Let's examine this figure in detail. First notice that we
have added the three types we showed previously, namely Joe's shell domain (user_t), the
password program's domain type (passwd_t), and the shadow password file type (shadow_t). In
addition, we have added the file type for the passwd executable file (passwd_exec_t). For
example, listing the security context for the password program on-disk executable would yield a
result something like this:
# ls -Z /usr/bin/passwd
-r-s—x—x root root system_u:object_r:passwd_exec_t /usr/bin/passwd
Now we have enough information to create the TE policy rules that allow the password program
(and presumably only the password program) to run with the passwd_t domain type. Let's look at
the rules from Figure 2-5. The first rule is as follows:
allow user_t passwd_exec_t : file {getattr execute};
What this rule does is allow Joe's shell (user_t) to initiate an execve() system call on the passwd
executable file (passwd_exec_t). The SELinux execute file permission is essentially the same
permission as x access for files in standard Linux. (The shell "stats" the file before trying to
execute, hence the need for getattr permission, too.) Recall our description of how a shell
program actually works. First it forks a copy of itself, including identical security attributes. This
copy still retains Joe's shell original domain type (user_t). Therefore, the execute permission
must be for the original domain (that is, the shell's domain type). That is why user_t is the source
type for this rule.
Let's now look at the next allow rules from Figure 2-5:
allow passwd_t passwd_exec_t : file entrypoint;
This rule provides entrypoint access to the passwd_t domain. The entrypoint permission is a
rather valuable permission in SELinux. What this permission does is define which executable
files (and therefore which programs) may "enter" a domain. For a domain transition, the new or
"to-be-entered" domain (in this case, passwd_t) must have entrypoint access to the executable
file used to transition to the new domain type. In this case, assuming that only the passwd
executable file is labeled with passwd_exec_t, and that only type passwd_t has entrypoint
permission to passwd_exec_t, we have the situation that only the password program can run in
the passwd_t domain type. This is a powerful security control.
Warning
The concept of entrypoint permission is extremely important. If you did not fully understand the
preceding example, please re-read it again before proceeding.
Let's now look at the final rule:
7. allow user_t passwd_t : process transition;
This is the first allow rule we have seen that did not provide access to file objects. In this case,
the object class is process, meaning the object class representing processes. Recall that all system
resources are encapsulated in an object class. This concept holds for processes, too. In this final
rule, the permission is transition access. This permission is needed to allow the type of a process'
security context to change. The original type (user_t) must have transition permission to the new
type (passwd_t) for the domain transition to be allowed.
These three rules together provide the necessary access for a domain transition to occur. For a
domain transition to succeed, all three rules are necessary; alone, none is sufficient. Therefore, a
domain transition is allowed only when the following three conditions are true:
1. 1. The process' new domain type has entrypoint access to an executable file type.
2. 2. The process' current (or old) domain type has execute access to the entry point file
type.
3. 3. The process' current domain type has transition access to the new domain type.
When all three of these permissions are permitted in a TE policy, a domain transition may occur.
Further, with the use of the entrypoint permission on executable files, we have the power to
strictly control which programs can run with a given domain type. The execve() system call is
the only way to change a domain type, [2] giving the policy writer great control over an individual
program's access to privilege, regardless of the user who may be invoking the program.
Now the issue is how does Joe indicate that he wants a domain transition to occur. The above
rules allow only the domain transition; they do not require it. There are ways that a programmer
or user can explicitly request a domain transition (if allowed), but in general we do not want
users to have to make these requests explicitly. All Joe wants to do is run the password program,
and he expects the system to ensure that he can. We need a way to have the system initiate a
domain transition by default.
2.2.5 Default Domain Transitions: type_transition Statement
To support domain transitions occurring by default (as we want in the case of the password
program), we need to introduce a new rule, the type transition rule (type_transition). This rule
provides a means for the SELinux policy to specify default transitions that should be attempted if
an explicit transition was not requested. Let's add the following type transition rule to the allow
rules:
type_transition user_t passwd_exec_t : process passwd_t;
8. The syntax of this rule differs from the allow rule. There are still source and target types (user_t
and passwd_exec_t, respectively) and an object class (process). However, instead of permissions,
we have a third type, the default type (passwd_t).
Type_transition rules are used for multiple different purposes relating to default type changes.
For now, we are concerned with a type_transition rule that has process as its object class. Such
rules cause a default domain transition to be attempted. The type_transition rule indicates that, by
default on an execve() system call, if the calling process' domain type is user_t and the
executable file's type is passwd_exec_t (as is the case in our example in Figure 2-5), a domain
transition to a new domain type (passwd_t) will be attempted.
The type_transition rule allows the policy writer to cause default domain transitions to be
initiated without explicit user input. This makes type enforcement less obtrusive to the user. In
our example, Joe does not want to know anything about access control or types; he wants only to
change his password. The system and policy designer can use type_transition rules to make these
transitions transparent to the user.
Note
Remember that a type_transition rule causes a domain transition to be attempted by default, but it
does not allow it. You must still provide the three types of access required for a domain
transition to successfully occur, whether it was initiated by default or as a result of the user's
explicit request.
SELinux by Example: Using Security
Enhanced Linux
SELinux: Bring World-Class Security to Any Linux Environment!
SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art
platform for building and maintaining highly secure solutions. Now that SELinux is included in
the Linux 2.6 kernel—and delivered by default in Fedora Core, Red Hat Enterprise Linux, and
other major distributions—it’s easier than ever to take advantage
of its benefits.
SELinux by Example is the first complete, hands-on guide to using SELinux in production
environments. Authored by three leading SELinux researchers and developers, it illuminates
every facet of working with SELinux, from its architecture and security object model to its
9. policy language. The book thoroughly explains SELinux sample policies— including the
powerful new Reference Policy—showing how to quickly adapt them to your unique
environment. It also contains a comprehensive SELinux policy language reference and covers
exciting new features in Fedora Core 5 and the upcoming Red Hat Enterprise Linux version 5.
• Thoroughly understand SELinux’s access control and security mechanisms
• Use SELinux to construct secure systems from the ground up
• Gain fine-grained control over kernel resources
• Write policy statements for type enforcement, roles, users, and constraints
• Use optional multilevel security to enforce information classification and manage users with
diverse clearances
• Create conditional policies that can be changed on-the-fly
• Define, manage, and maintain SELinux security policies
• Develop and write new SELinux security policy modules
• Leverage emerging SELinux technologies to gain even greater flexibility
• Effectively administer any SELinux system
Hooking Linux Kernel Functions, Part 1: Looking for the Perfect Solution
We recently worked on a Linux system security-related project in which we needed to hook
important Linux kernel function calls such as for opening files and launching processes. We
needed it to enable system activity monitoring and preemptively block suspicious processes.
Eventually, we invented an efficient approach for hooking any function in the kernel by its name
and executing our code around its calls with the help of ftrace, a Linux kernel tracing feature. In
this first part of our three-part series, we describe the four approaches we tried for Linux function
hooking prior to coming up with a new solution. We also give detailed information on the main
pros and cons of each of these approaches.
Four possible solutions
Using the Linux Security API
Modifying the system call table
10. Using kprobes
Splicing
Is there a fifth approach?
Conclusion
Four possible solutions
There are several ways that you can try to intercept critical functions of Linux kernel:
Using the Linux Security API
Modifying the system call table
Using the kprobes tool
Splicing
Using the ftrace utility
Below, we talk in detail about each of these kernel options.
Using the Linux Security API
At first, we thought that hooking functions with the Linux Security API would be the best choice
since the interface was designed for this particular purpose. Critical points of the kernel code
contain security function calls that can cause callbacks installed by the security module. The
module can study the context of a specific operation and decide whether to permit or prohibit it.
Unfortunately, the Linux Security API has two major limitations:
Security modules can’t be loaded dynamically, so we would need to rebuild the kernel
since these modules are part of it.
With some minor exceptions, a system can’t have multiple security modules.
While kernel developers have different opinions on whether a system can contain multiple
security modules, the fact that a module can’t be loaded dynamically is a given. To ensure the
constant security of the system from the start, the security module has to be part of the kernel.
So in order to use the Linux Security API, we would need to build a custom Linux kernel and
integrate an additional module with AppArmor or SELinux, that are used in popular
distributions. This option, however, didn’t suit our client, so we looked for another solution.
11. Read also:
Transparent SSL Proxy on a Regular PC: Can It Handle One Million Concurrent Connections?
Modifying the system call table
Since monitoring was required mostly for actions performed by user applications, we could
implement it on the system call level. All Linux system call handlers are stored in the table
sys_call_table. Changing the values in this table leads to changing the system behavior. As a
result, we can hook any system call by saving the old handler value and adding our own handler
to the table.
This approach also has some pros and cons. The main advantages of changing values in the
system call table are the following:
Full control over all system calls as the only kernel interface for user applications. Thus,
you won’t miss any important actions performed by a user process.
Minor performance overhead. There are one-time investments in updating the system call
table. The two other expenses are the inevitable monitoring payload and the extra
function call we need to call the original system call handler.
Minor kernel requirements. In theory, this approach can be used for nearly any system
because you don’t need specific kernel features in order to modify the system call table.
Still, this approach also has several drawbacks:
Technically complex implementation. While replacing the values in the table isn’t difficult, there
are several additional tasks that require certain qualifications and some non-obvious solutions:
Finding the system call table
Bypassing kernel write protection of the table’s memory region
Ensuring safe performance of the replacement process
Solving these problems means that developers have to waste more time on realizing, supporting,
and understanding the process.
Some handlers can’t be replaced. In Linux kernels prior to version 4.16, system call processing
for the x86_64 architecture has some additional optimizations. Some of these optimizations
require the system call handler to be implemented in the assembler. These kinds of handlers are
either hard or impossible to replace with custom handlers written in C. Furthermore, the fact that
different kernel versions use different optimizations boosts the technical complexity of the task
even more.
12. Only system calls are hooked. Since this approach allows you to replace system call handlers, it
limits entry points significantly. All additional checks can be performed either immediately
before or after a system call, and we only have system call arguments and their return values. As
a result, sometimes we may need to double-check both access permissions of the process and the
validity of system call arguments. Plus, in some cases the need to copy user process memory
twice creates additional overhead charges. For instance, when the argument is passed through a
pointer, there will be two copies: the one that you make for yourself and the second one made by
the original handler. Sometimes, system calls also provide low granularity of events, so you may
need to apply additional filters to get rid of the noise.
At first, we tried to alter the system call table so we could cover as many systems as possible,
and we even implemented this approach successfully. But there are several specific features of
the x86_64 architecture and a few hooked call limitations that we didn’t know about. Ensuring
support for system calls related to the launch of specific new processes – clone () and execve () –
turned out to be critical for us. This is why we continued to search for other solutions.
Using kprobes
One of our remaining options was to use kprobes – a specific API designed for Linux kernel
tracing and debugging. Kprobes allows you to install pre-handlers and post-handlers for any
kernel instruction as well as for function-entry and function-return handlers. Handlers get access
to registers and can alter them. This way, we could possibly get a chance to both monitor the
work process and alter it.
Read also:
Kprobes Internals as a Field of Kernel Symbol Detection
The main benefits of using kprobes for tracing Linux kernel functions are the following:
A mature API. Kprobes has been improving constantly since 2002. The utility has a well-
documented interface and the majority of pitfalls have already been discovered and dealt
with.
The possibility to trace any point in the kernel. Kprobes is implemented via breakpoints
(the int3 instruction) embedded in the executable kernel code. Thus, you can set the trace
point literally in any part of any function as long as you know its location. Plus, you can
implement kretprobes by switching the return address on the stack and trace any
function’s return (except for ones that don’t return control at all).
Kprobes also has its disadvantages, however:
Technical complexity. Kprobes is only a tool for setting a breakpoint at a particular place in the
kernel. To get function arguments or local variable values, you need to know where exactly on
the stack and in what registers they’re located and get them out of there manually. Also, to block
13. a function call you need to manually modify the state of the process so you can trick it into
thinking that it’s already returned control from the function.
Jprobes is deprecated. Jprobes is a specialized kprobes version meant to make it easier to
perform a Linux kernel trace. Jprobes can extract function arguments from the registers or the
stack and call your handler, but the handler and the traced function should have the same
signatures. The only problem is that jprobes is deprecated and has been removed from the latest
kernels.
Nontrivial overhead. Even though it’s a one-time procedure, positioning breakpoints is quite
costly. While breakpoints don’t affect the rest of the functions, their processing is also relatively
expensive. Fortunately, the costs of using kprobes can be reduced significantly by using a jump-
optimization implemented for the x86_64 architecture. Still, the cost of kprobes surpasses that of
modifying the system call table.
Kretprobes limitations. The kretprobes feature is implemented by substituting the return address
on the stack. To get back to the original address after processing is over, kretprobes needs to
keep that original address somewhere. Addresses are stored in a buffer of a fixed size. If the
buffer is overloaded, like when the system performs too many simultaneous calls of the traced
function, kretprobes will skip some operations.
Disabled preemption. Kprobes is based on interruptions and fiddles with the processor registers.
So in order to perform synchronization, all handlers need to be executed with a disabled
preemption. As a result, there are several restrictions for the handlers: you can’t wait in them,
meaning you can’t allocate large amounts of memory, deal with input-output, sleep in
semaphores and timers, and so on.
Still, if all you need is to trace particular instructions inside a function, kprobes surely can be of
use.
Related services
Security Testing
Splicing
There’s also a classic way to configure kernel function hooking: by replacing the instructions at
the beginning of a function with an unconditional jump leading to your handler. The original
instructions are moved to a different location and are executed right before jumping back to the
intercepted function. Thus, with the help of only two jumps, you can splice your code into a
function.
14. This approach works the same way as the kprobes jump optimization. Using splicing, you can
get the same results as you get using kprobes but with much lower expenses and with full control
over the process.
The advantages of using splicing are pretty obvious:
Minimum requirements for the kernel. Splicing doesn’t require any specific options in the
kernel and can be implemented at the beginning of any function. All you need is the
function’s address.
Minimum overhead costs. The traced code needs to perform only two unconditional
jumps to hand over control to the handler and get control back. These jumps are easy to
predict for the processor and also are quite inexpensive.
However, this approach has one major disadvantage – technical complexity. Replacing the
machine code in a function isn’t that easy. Here are only a few things you need to accomplish in
order to use splicing:
Synchronize the hook installation and removal (in case the function is called during the
instruction replacement)
Bypass the write protection of memory regions with executable code
Invalidate CPU caches after instructions are replaced
Disassemble replaced instructions in order to copy them as a whole
Check that there are no jumps in the replaced part of the function
Check that the replaced part of the function can be moved to a different place
Of course, you can use the livepatch framework and look at kprobes for some hints, but the final
solution still remains too complex. And every new implementation of this solution will contain
too many sleeping problems.
If you’re ready to deal with these demons hiding in your code, then splicing can be a pretty
useful approach for hooking Linux kernel functions. But since we didn’t like this option, we left
it as an alternative in case we couldn’t find anything better.
Related services
Kernel and Driver Development
Is there a fifth approach?
15. When we were researching this topic, our attention was drawn to Linux ftrace, a framework you
can use to trace Linux kernel function calls. And while performing Linux kernel tracing with
ftrace is common practice, this framework also can be used as an alternative to jprobes. And, as
it turned out, ftrace suits our needs for tracing function calls even better than jprobes.
Ftrace allows you to hook critical Linux kernel functions by their names, and hooks can be
installed without rebuilding the kernel. In the next part of our series, we’ll talk more about ftrace.
What is an ftrace? How does ftrace work? We’ll answer these questions and give you a detailed
ftrace example so you can understand the process better. We’ll also tell you about the main ftrace
pros and cons. Wait for the second part of this series to get more details on this unusual
approach.
Conclusion
There are many ways you can try to hook critical functions in the Linux kernel. We’ve described
the four most common approaches for accomplishing this task and explained the benefits and
drawbacks of each. In the next part of our three-part series, we’ll tell you more about the solution
that our team of experts came up with in the end – hooking Linux kernel functions with ftrace.
Have any questions? You can learn more about our Linux kernel development experience here or
contact us by filling out the form below. It was originally published on https://www.apriorit.com/
Trap Handling
Traps remain an important component of any network performance monitoring strategy. As a
passive monitoring technique, they alert you of potential hiccups between polling cycles.
The SevOne Data Platform receives, displays, logs, reports, and alerts on traps from any device
or server on your network, notifying you of critical issues that are likely to impact end user
experience and disrupt your business.
Hearing the Signal through the Noise
Manually reviewing every trap received would be a time-consuming, stressful, and ultimately
futile task. How do you separate the majority of innocuous traps (noise) from the more serious
system alerts (signals), such as a fan, power, or heat failure? Your performance management
system must allow you to apply logic that automates the handling of incoming traps.
16. Simplifying Trap Handling
SevOne provides a policy-based trap processing engine that includes a collection of common,
default trap events to help you configure how traps are routed in the system. Less meaningful
traps may be filtered out, leaving a small percentage of pertinent traps for you to ignore, log, or
alert within SevOne or via e-mail. “Unknown” traps not recognized by the rules engine are sent
to a separate queue, where you can create new policies to automatically handle similar traps in
the future.
If you prefer to use a third party solution for fault management, customization can be written
through Professional Services to receive and forward traps to that platform. Likewise, traps from
another Network Performance Monitoring solution may be sent to SevOne for alerting and
historical reporting.
SevOne can process in excess of 5,000 SNMP traps per second, so scalability and performance
of the trap handling system is never a concern.
SevOne currently supports SNMP v1 and SNMP v2, and SNMP v3.
UNIX File System
Unix file system is a logical method of organizing and storing large amounts of information in a
way that makes it easy to manage. A file is a smallest unit in which the information is stored.
Unix file system has several important features. All data in Unix is organized into files. All files
are organized into directories. These directories are organized into a tree-like structure called the
file system.
Files in Unix System are organized into multi-level hierarchy structure known as a directory tree.
At the very top of the file system is a directory called “root” which is represented by a “/”. All
other files are “descendants” of root.
17. Directories or Files and their description –
/ : The slash / character alone denotes the root of the filesystem tree.
/bin : Stands for “binaries” and contains certain fundamental utilities, such as ls or cp,
which are generally needed by all users.
/boot : Contains all the files that are required for successful booting process.
/dev : Stands for “devices”. Contains file representations of peripheral devices and
pseudo-devices.
/etc : Contains system-wide configuration files and system databases. Originally also
contained “dangerous maintenance utilities” such as init,but these have typically been
moved to /sbin or elsewhere.
/home : Contains the home directories for the users.
/lib : Contains system libraries, and some critical files such as kernel modules or device
drivers.
/media : Default mount point for removable devices, such as USB sticks, media players,
etc.
/mnt : Stands for “mount”. Contains filesystem mount points. These are used, for
example, if the system uses multiple hard disks or hard disk partitions. It is also often
used for remote (network) filesystems, CD-ROM/DVD drives, and so on.
/proc : procfs virtual filesystem showing information about processes as files.
/root : The home directory for the superuser “root” – that is, the system administrator.
This account’s home directory is usually on the initial filesystem, and hence not in /home
18. (which may be a mount point for another filesystem) in case specific maintenance needs
to be performed, during which other filesystems are not available. Such a case could
occur, for example, if a hard disk drive suffers physical failures and cannot be properly
mounted.
/tmp : A place for temporary files. Many systems clear this directory upon startup; it
might have tmpfs mounted atop it, in which case its contents do not survive a reboot, or it
might be explicitly cleared by a startup script at boot time.
/usr : Originally the directory holding user home directories,its use has changed. It now
holds executables, libraries, and shared resources that are not system critical, like the X
Window System, KDE, Perl, etc. However, on some Unix systems, some user accounts
may still have a home directory that is a direct subdirectory of /usr, such as the default as
in Minix. (on modern systems, these user accounts are often related to server or system
use, and not directly used by a person).
/usr/bin : This directory stores all binary programs distributed with the operating system
not residing in /bin, /sbin or (rarely) /etc.
/usr/include : Stores the development headers used throughout the system. Header files
are mostly used by the #include directive in C/C++ programming language.
/usr/lib : Stores the required libraries and data files for programs stored within /usr or
elsewhere.
/var : A short for “variable.” A place for files that may change often – especially in size,
for example e-mail sent to users on the system, or process-ID lock files.
/var/log : Contains system log files.
/var/mail : The place where all the incoming mails are stored. Users (other than root) can
access their own mail only. Often, this directory is a symbolic link to /var/spool/mail.
/var/spool : Spool directory. Contains print jobs, mail spools and other queued tasks.
/var/tmp : A place for temporary files which should be preserved between system reboots.
Types of Unix files – The UNIX files system contains several different types of files :
19. 1. Ordinary files – An ordinary file is a file on the system that contains data, text, or program
instructions.
Used to store your information, such as some text you have written or an image you have
drawn. This is the type of file that you usually work with.
Always located within/under a directory file.
Do not contain other files.
In long-format output of ls -l, this type of file is specified by the “-” symbol.
2. Directories – Directories store both special and ordinary files. For users familiar with
Windows or Mac OS, UNIX directories are equivalent to folders. A directory file contains an
entry for every file and subdirectory that it houses. If you have 10 files in a directory, there will
be 10 entries in the directory. Each entry has two components.
(1) The Filename
(2) A unique identification number for the file or directory (called the inode number)
information which you would work with (such as text). Basically, just
used for organizing files.
20. In long-format output of ls –l , this type of file is specified by the “d” symbol.
3. Special Files – Used to represent a real physical device such as a printer, tape drive or
terminal, used for Input/Output (I/O) operations. Device or special files are used for device
Input/Output(I/O) on UNIX and Linux systems. They appear in a file system just like an ordinary
file or a directory.
On UNIX systems there are two flavors of special files for each device, character special files
and block special files :
When a character special file is used for device Input/Output(I/O), data is transferred one
character at a time. This type of access is called raw device access.
When a block special file is used for device Input/Output(I/O), data is transferred in large
fixed-size blocks. This type of access is called block device access.
For terminal devices, it’s one character at a time. For disk devices though, raw access means
reading or writing in whole chunks of data – blocks, which are native to your disk.
In long-format output of ls -l, character special files are marked by the “c” symbol.
In long-format output of ls -l, block special files are marked by the “b” symbol.
4. Pipes – UNIX allows you to link commands together using a pipe. The pipe acts a temporary
file which only exists to hold data from one command until it is read by another.A Unix pipe
provides a one-way flow of data.The output or result of the first command sequence is used as
the input to the second command sequence. To make a pipe, put a vertical bar (|) on the
command line between two commands.For example: who | wc -l
In long-format output of ls –l , named pipes are marked by the “p” symbol.
5. Sockets – A Unix socket (or Inter-process communication socket) is a special file which
allows for advanced inter-process communication. A Unix Socket is used in a client-server
application framework. In essence, it is a stream of data, very similar to network stream (and
network sockets), but all the transactions are local to the filesystem.
In long-format output of ls -l, Unix sockets are marked by “s” symbol.
6. Symbolic Link – Symbolic link is used for referencing some other file of the file
system.Symbolic link is also known as Soft link. It contains a text form of the path to the file it
references. To an end user, symbolic link will appear to have its own name, but when you try
reading or writing data to this file, it will instead reference these operations to the file it points to.
If we delete the soft link itself , the data file would still be there.If we delete the source file or
move it to a different location, symbolic file will not function properly.
21. In long-format output of ls –l , Symbolic link are marked by the “l” symbol (that’s a lower case
L).