SELinux
(OBJ .)
SELinux and MAC Basics
SELinux (Security Enhanced Linux)
- A security mechanism that provides an additional layer of security for Linux distributions
- See Managing SELinux Security
- Enforces Mandatory Access Control (MAC)
Mandatory Access Control (MAC)
- Restricts access to system resources based on subject clearance and object labels
Context-based permissions
- Permission schemes that consider various properties to determine whether to grant or deny access to a user
Two main context-based permission schemes in Linux that use MAC
- SELinux
- AppArmor
DAC vs. MAC
- DAC (Discretionary Access Control)
- Each object has a list of entities that are allowed to access it
- Allows object owners to directly control access using tools like 'chown' and 'chmod'
- SELinux makes its access decisions with MAC, not DAC
SELinux
- The default context-based permission scheme in CentOS and Red Hat Enterprise Linux, originally developed by the NSA
- Used to enforce MAC on processes and resources
- Enables information to be classified and protected
- Enhances file system and network security, preventing unauthorized access, security breaches, and execution of untrustworthy programs
Three Main Contexts in SELinux
- User Context
- Defines which users can access an object, including common contexts like 'unconfined_u', 'user_u', 'sysadm_u', and 'root'
- Role Context
- Determines which roles can access an object, using 'object_r' for files and directories
- Type Context
- Essential for fine-grained access control, grouping objects with similar security characteristics
Optional Context
- Level Context
- Describes the sensitivity level of a file, directory, or process
- Known as a multi-level security context, allowing further access control refinement
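The four context fields above appear joined with colons in the output of commands such as 'ls -Z' and 'ps -Z'. The following shell script is an added example, not part of the original notes: it splits a context string into user, role, type and level and prints a small table for a few constructed 'ls -Z'-style lines, so it runs on a machine without SELinux. The file paths and contexts in the sample are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): split an SELinux security
# context into its fields: user:role:type[:level]. The sample lines below are
# constructed to look like `ls -Z` output; no real system is queried.

# Constructed sample: "context path" lines as `ls -Z` prints them.
SAMPLE_LS_Z='system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
unconfined_u:object_r:user_home_t:s0 /home/alice/notes.txt
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /proc/4242
user_u:object_r:user_home_t /home/bob/old.txt'

# split_context CONTEXT -> prints "user role type level" (level may be empty)
split_context() {
    ctx=$1
    user=${ctx%%:*};  rest=${ctx#*:}
    role=${rest%%:*}; rest=${rest#*:}
    type=${rest%%:*}
    # Everything after the third colon is the optional MLS/MCS level; it may
    # itself contain colons (e.g. s0-s0:c0.c1023), so take the whole remainder.
    case $rest in
        *:*) level=${rest#*:} ;;
        *)   level= ;;
    esac
    printf '%s %s %s %s\n' "$user" "$role" "$type" "$level"
}

# context_field CONTEXT FIELD -> prints one field (user|role|type|level)
context_field() {
    split_context "$1" | {
        read -r u r t l
        case $2 in
            user)  printf '%s\n' "$u" ;;
            role)  printf '%s\n' "$r" ;;
            type)  printf '%s\n' "$t" ;;
            level) printf '%s\n' "$l" ;;
        esac
    }
}

# Print a table of the sample: the type field is what most policy rules
# key on, so it is the one to look at first when access is denied.
printf '%-14s %-14s %-22s %-16s %s\n' USER ROLE TYPE LEVEL PATH
printf '%s\n' "$SAMPLE_LS_Z" | while read -r context path; do
    split_context "$context" | {
        read -r u r t l
        printf '%-14s %-14s %-22s %-16s %s\n' "$u" "$r" "$t" "${l:--}" "$path"
    }
done
```

A missing level (the last sample line) is printed as '-'; a process context such as the third line carries a category range, which is why the level field keeps everything after the third colon instead of stopping at the next one.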
SELinux Modes
- Disabled Mode
- Turns off SELinux, relying on default DAC for access control
- Enforcing Mode
- Enforces all SELinux security policies, preventing policy violations
- Permissive Mode
- Enables SELinux but does not enforce policies; violations are logged rather than blocked, so processes can act against policy
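The persistent mode and policy type are set in /etc/selinux/config (SELINUX= and SELINUXTYPE=); 'getenforce' shows the current runtime mode and 'sestatus' shows both. The script below is an added example, not part of the original notes: it reads those two keys from a constructed copy of the config file, so it runs anywhere, and reports what each mode means for the protection SELinux provides.

```shell
#!/bin/sh
# Added example (not from the original notes): read SELINUX= and SELINUXTYPE=
# from an /etc/selinux/config-style file and assess the mode. The config text
# is constructed so the script runs on a host without SELinux; on a real
# system you would read /etc/selinux/config and compare with `getenforce`.

# Constructed sample in the layout of /etc/selinux/config.
SAMPLE_CONFIG='# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted'

# config_value CONFIG-TEXT KEY -> value of KEY=..., ignoring comment lines.
# The key must be followed directly by "=", so SELINUX does not match SELINUXTYPE.
config_value() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2=\([^[:space:]#]*\).*/\1/p" | tail -n 1
}

# mode_risk MODE -> one-line assessment of what the mode means for MAC
mode_risk() {
    case $1 in
        enforcing)  echo "ok: policy violations are blocked and logged" ;;
        permissive) echo "warn: violations are only logged; DAC alone decides access" ;;
        disabled)   echo "fail: no policy loaded; new files are unlabeled until a relabel" ;;
        *)          echo "fail: unknown SELINUX value '$1'" ;;
    esac
}

# mode_ok MODE -> succeeds only for the mode that actually enforces policy
mode_ok() { [ "$1" = enforcing ]; }

# policy_ok TYPE -> succeeds for the policy types a distribution ships
policy_ok() {
    case $1 in
        targeted|mls|minimum) return 0 ;;
        *) return 1 ;;
    esac
}

mode=$(config_value "$SAMPLE_CONFIG" SELINUX)
policy=$(config_value "$SAMPLE_CONFIG" SELINUXTYPE)
echo "SELINUX=$mode SELINUXTYPE=$policy"
mode_risk "$mode"
policy_ok "$policy" || echo "fail: unknown SELINUXTYPE value '$policy'"
```

'setenforce 0' and 'setenforce 1' switch between permissive and enforcing at runtime without touching this file, so a host can be temporarily permissive while the file still says enforcing; checking both is what 'sestatus' does. The 'minimum' policy type accepted by policy_ok is the third type shipped alongside targeted and mls on Red Hat-family systems.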
SELinux Policies
- SELinux Policy
- Describes access permissions for users, programs, processes, files, and devices
- Two Main Policy Types
- Targeted Policies
- Only specific processes are confined to a domain, while others run unconfined
- Strict Policies
- Every subject and object operates under MAC, but it's more complex to set up
Violation Messages
- SELinux captures violation messages in an audit log
- Violations can occur when someone tries to access an unauthorized object, or an action contradicts an existing policy
Policy Configuration
- Initial SELinux setup may produce false-positive violations, requiring policy tweaking and fine-tuning
- Strong security depends on creating effective restricted profiles and hardening applications to prevent malicious attacks
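The violation messages SELinux writes to the audit log (/var/log/audit/audit.log, also retrievable with 'ausearch -m AVC') are what you work from when tuning a policy after initial setup. The script below is an added example, not part of the original notes: it summarises AVC denial records by source type, target type, object class and permission, and marks whether each was blocked or only logged because the process ran in permissive mode. The four log lines are constructed, with made-up pids and inode numbers, so the script runs on a host without SELinux.

```shell
#!/bin/sh
# Added example (not from the original notes): summarise SELinux AVC denial
# records of the kind the audit log captures. The sample records below are
# constructed (made-up pids, inodes and paths); on a real system the input
# would be /var/log/audit/audit.log or the output of `ausearch -m AVC`.

SAMPLE_AUDIT='type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=2301 comm="httpd" name="index.html" dev="sda1" ino=4101 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.102:202): avc:  denied  { open } for  pid=2301 comm="httpd" path="/home/alice/www/index.html" dev="sda1" ino=4101 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.150:203): avc:  denied  { name_connect } for  pid=2305 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1700000000.150:203): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"'

# avc_field RECORD KEY -> value of KEY=value in one record, quotes stripped.
# Tokens without "=" (such as "{", "read", "}") never match a key.
avc_field() {
    printf '%s\n' "$1" | awk -v key="$2" '{
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == key) {
                v = substr($i, length(key) + 2); gsub(/"/, "", v); print v; exit
            }
        }
    }'
}

# avc_perms RECORD -> the permission set inside "{ ... }", e.g. "read"
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ *\([^}]*[^} ]\) *}.*/\1/p'
}

# ctx_type CONTEXT -> the type field, which is what policy rules key on
ctx_type() { t=${1#*:*:}; printf '%s\n' "${t%%:*}"; }

# avc_summary: reads audit records on stdin and prints, per AVC denial,
#   source-type target-type class {perms} blocked|logged-only
avc_summary() {
    while IFS= read -r line; do
        case $line in
            'type=AVC '*'denied'*) ;;   # keep AVC denials, skip SYSCALL etc.
            *) continue ;;
        esac
        src=$(avc_field "$line" scontext); tgt=$(avc_field "$line" tcontext)
        cls=$(avc_field "$line" tclass);   perm=$(avc_perms "$line")
        # permissive=1 means the action went ahead and was only recorded;
        # these are the records permissive mode generates during tuning.
        if [ "$(avc_field "$line" permissive)" = 1 ]; then outcome=logged-only; else outcome=blocked; fi
        printf '%s %s %s {%s} %s\n' "$(ctx_type "$src")" "$(ctx_type "$tgt")" "$cls" "$perm" "$outcome"
    done
}

# avc_denial_count -> number of AVC denials in the sample
avc_denial_count() {
    printf '%s\n' "$SAMPLE_AUDIT" | avc_summary | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_AUDIT" | avc_summary
echo "denials: $(avc_denial_count)"
```

Reading the summary, the first two records are the same problem seen twice (httpd_t reading user_home_t content: web files living under a home directory with the wrong label), which is fixed by relabelling the files, not by loosening policy; the third is a network access the targeted policy gates behind a boolean. 'audit2why' and 'audit2allow -w' give that kind of explanation for real records, and the decision about whether a denial is a false positive or an application that needs hardening belongs to the administrator, not the tool.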