Though Linux is regarded as a very secure OS, its security is not military
grade. To create a very secure OS, the NSA (National Security Agency, a part of
US Department of Defense) and SCC (Secure Computing Corporation) designed an OS
security architecture in 1992-93. This was gradually adopted into an OS
prototype called Fluke. Its objective was to provide flexible support for
different security policies over the traditional Unix security architecture.
Another team from the University of Utah, called the Utah Flex team, also joined
the Fluke project and the final outcome was Flask, which is a security-enhanced
version of the Fluke OS. It is this Flask architecture that is now being
implemented in Linux and is called SE Linux (Security Enhanced Linux). With this
move, the technology has been transferred to the Linux community of developers
and users. NSA expects that SE Linux will be a trusted OS when combined with
other levels of security and reliability, such as auditing and documentation.
Now let's see how SE Linux works. To understand this let's consider a
scenario. Say, you have a Linux server with lots of confidential data and to
secure it you have given data access only to the root user. However, this
machine also has regular users logging in using Telnet to access their data. Now
suppose one of the users manages to get hold of the root password and gains
root privileges by running the su command after logging in through Telnet. All
your machine's security is gone!
With SE Linux, users get another layer of security through ACLs (Access
Control Lists) and a new concept, which identifies users by security contexts.
So when you Telnet into the Linux box, you have to first provide a user name and
password. Then, if you need root access, you 'su' from the Telnet terminal. In
regular Linux, you'll be given access with root privileges.
However, with SE Linux, even if you 'su' as root, you will still have the
same security context as used when logging into the Telnet session. You will not
be able to access anything you aren't authorized for. This is achieved by
implementing some policies and roles over the standard user-level security of
Linux. Let's see how to install SE Linux and define these roles and policies for
users.
SE Linux is now available for Linux distros, such as Fedora, Gentoo and
Debian. We used Fedora Core 2 since it comes with SE Linux built-in. It's not
too difficult to install FC 2 with SE Linux. Place the first FC 2 CD in the
drive and boot from it. At the Installation Boot prompt, type 'selinux' and
press Enter. This will start the installation with SE Linux. When we did a 'full
installation', SE Linux installed without any problems. However, when we did
a 'workstation' install, the SE Linux policy source didn't install. This is very
important for creating your own policies. So, if you do a 'custom' install, then
look for a folder '/etc/security/selinux/src'. If it's not there, then the SE
Linux policy source hasn't been installed. You will then need to install the
'policy-source' rpm from the second FC 2 CD.
After the installation, run the 'id' command from a terminal window. This will
give the following output.
context=root:sysadm_r:sysadm_t
Here, the user ID is 'root', 'sysadm_r' is the role assigned to you and 'sysadm_t'
is the domain on which you will be able to run any process (for these terms read
the box). Depending on your need you can have more than one role and domain
combination. For instance, you can configure a user to be in sysadm_t domain
when logged on locally, but when he logs on over SSH, he will only be able to
get into the user_t domain.
To create new users and policies, create a new user, say 'seuser', who will
be a member of the 'users' group and assign a password to him as:
# useradd -c "SE Linux user" -m -g users seuser
# passwd seuser
Now you have to assign a role to this user. For this, open the file
/etc/security/selinux/src/policies/users using a text editor, scroll down
to the bottom and add the following line.
user seuser roles { user_r };
Now the user configurations are set, but the profile is not created. So run
# make -C /etc/security/selinux/src/ policy load
This will compile, create and load your modified policies. To check whether
it's working, re-login as 'seuser' and type 'id' from a terminal window. It
should show something like this:
context=seuser:user_r:user_t
Now, you have successfully created a new user and assigned it a proper role.
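A check that can follow the re-login step, written here as an added example (not code from the original article): it reads the role out of the context that 'id' prints and confirms that the policy users file grants that role to the user. The function names, the sample users file and the sample 'id' lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; the sample users file and id lines in demo() are constructed.

# Print the user:role:type triple from one line of `id` output.
context_of() {
    printf '%s\n' "$1" | sed -n 's/.*context=\([^ ]*\).*/\1/p'
}

# Print the roles granted to user $2 in users file $1, one per line.
# Handles "roles { r1 r2 };" and "roles r1;", multi-line statements, # comments.
roles_for_user() {
    sed -e 's/#.*//' "$1" | tr '\n' ' ' | tr ';' '\n' |
    awk -v u="$2" '
        { gsub(/[{}]/, " ") }
        $1 == "user" && $2 == u && $3 == "roles" {
            for (i = 4; i <= NF; i++) print $i
        }'
}

# Succeed only if context $2 uses a role that file $1 grants to its user.
# An empty context (no context= field in the id output) fails.
context_allowed() {
    ctx_user=${2%%:*}
    ctx_rest=${2#*:}
    ctx_role=${ctx_rest%%:*}
    roles_for_user "$1" "$ctx_user" | grep -qxF -- "$ctx_role"
}

demo() {
    users=$(mktemp)
    cat > "$users" <<'EOF'
# constructed sample in the syntax of the policy users file
user root roles { user_r sysadm_r };
user seuser roles { user_r };
EOF
    good='uid=500(seuser) gid=100(users) context=seuser:user_r:user_t'
    bad='uid=500(seuser) gid=100(users) context=seuser:sysadm_r:sysadm_t'
    for line in "$good" "$bad"; do
        ctx=$(context_of "$line")
        if context_allowed "$users" "$ctx"; then
            echo "OK   $ctx"
        else
            echo "DENY $ctx (role not granted in users file)"
        fi
    done
    rm -f "$users"
}
demo
```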
Next month, we will see how you can create your own roles and domains.
Sourced from: PCQuest