Contents III: Contents II: Contents: Rule Set Based Access Control (RSBAC) 4.2 Model Specifics 5.2 AUTH



Similar documents
Rule Set Based Access Control (RSBAC)

Secure to the Core: The Next Generation Secure Operating System from CyberGuard

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Hacking Database for Owning your Data

Getting Started with the Linux Intrusion Detection

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

Windows Security. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger.

Capability-Based Access Control

EXPLORING LINUX KERNEL: THE EASY WAY!

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12

RH033 Red Hat Linux Essentials or equivalent experience with Red Hat Linux..

Safety measures in Linux

Windows 7, Enterprise Desktop Support Technician

Linux Overview. The Senator Patrick Leahy Center for Digital Investigation. Champlain College. Written by: Josh Lowery

WirelessOffice Administrator LDAP/Active Directory Support

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

TELE 301 Lecture 7: Linux/Unix file

Worms, Trojan Horses and Root Kits

CEN 559 Selected Topics in Computer Engineering. Dr. Mostafa H. Dahshan KSU CCIS

Installing VMware Tools on Clearswift v4 Gateways

"Charting the Course to Your Success!" MOC D Windows 7 Enterprise Desktop Support Technician Course Summary

How I Learned to Stop Worrying and Love Compliance Ron Gula, CEO Tenable Network Security

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

"EZHACK" POPULAR SMART TV DONGLE REMOTE CODE EXECUTION

Creating Home Directories for Windows and Macintosh Computers

CIS433/533 - Computer and Network Security Operating System Security

CIS 551 / TCOM 401 Computer and Network Security

How To Set Up A Macintosh With A Cds And Cds On A Pc Or Macbook With A Domain Name On A Macbook (For A Pc) For A Domain Account (For An Ipad) For Free

IceWarp to IceWarp Server Migration

CSE543 - Introduction to Computer and Network Security. Module: Reference Monitor

Active Directory Requirements and Setup

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Linux FTP Server Setup

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

CMPT 471 Networking II

How To Protect Your Firewall From Attack From A Malicious Computer Or Network Device

Module 3: Resolve Software Failure This module explains how to fix problems with applications that have problems after being installed.

The current version installed on your server is el6.x86_64 and it's the latest available.

VMware ESX Server 3 Configuration Guide

F-Secure Internet Gatekeeper Virtual Appliance

Intrusion Detection using the Linux Audit Framework. Stephen Quinney School of Informatics University of Edinburgh

Confining the Apache Web Server with Security-Enhanced Linux

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

Configuring the Active Directory Plug-in

What Is Ad-Aware Update Server?

An Introduction to the Linux Command Shell For Beginners

Kollaborate Server Installation Guide!! 1. Kollaborate Server! Installation Guide!

CSE 265: System and Network Administration. CSE 265: System and Network Administration

escan SBS 2008 Installation Guide

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Medical Networks and Operating Systems

Sophos Anti-Virus for Linux user manual

Secure Shell Demon setup under Windows XP / Windows Server 2003

IT6204 Systems & Network Administration. (Optional)

Request Manager Installation and Configuration Guide

Oracle VM Server Recovery Guide. Version 8.2

Locking down a Hitachi ID Suite server

Crystal Quality Business Optimization System Installation Guide

BM482E Introduction to Computer Security

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

LBSEC.

Virtualization System Security

Linux Security Ideas and Tips

Unit objectives IBM Power Systems

What is included in the ATRC server support

GFI White Paper PCI-DSS compliance and GFI Software products

Software that provides secure access to technology, everywhere.

Computer Security: Principles and Practice

CSE 265: System and Network Administration

Directions for VMware Ready Testing for Application Software

User Guide - escan for Linux File Server

DeployStudio Server Quick Install

VPNSCAN: Extending the Audit and Compliance Perimeter. Rob VandenBrink

BSA Best Practices Webinars Role Based Access Control Sean Berry Customer Engineering

CIS 551 / TCOM 401 Computer and Network Security. Spring 2005 Lecture 4

WWPass External Authentication Solution for IBM Security Access Manager 8.0

The Trivial Cisco IP Phones Compromise

Table of Contents Introduction and System Requirements 9 Installing VMware Server 35

inforouter V8.0 Server & Client Requirements

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

Configuring Security for FTP Traffic

CSE 265: System and Network Administration. CSE 265: System and Network Administration

CSE331: Introduction to Networks and Security. Lecture 34 Fall 2006

Installing GFI Network Server Monitor

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

CRYPTUS DIPLOMA IN IT SECURITY

Know Your Enemy: A Forensic Analysis

INSTALLATION GUIDE VERSION

Linux Security on HP Servers: Security Enhanced Linux. Abstract. Intended Audience. Technical introduction

1. What is this? Why would I want it?

TEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control

Section 12 MUST BE COMPLETED BY: 4/22

INTEGRATION GUIDE. DIGIPASS Authentication for Office 365 using IDENTIKEY Authentication Server with Basic Web Filter

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

Cloud Security:Threats & Mitgations

Transcription:

Rule Set Based Access Control (RSBAC) Linux Kernel Security Extension Tutorial Amon Ott <ao@rsbac.org> Contents: 1 Motivation: Why We Need Better Security in the Linux Kernel 2 Overview of RSBAC 3 How to Identify Security Requirements on a Server 3.1 System Base 3.2 Services 3.3 Users, User IDs and Paths 3.4 Logging Contents II: 4 Selecting a Security Model Combination 4.1 General Criteria 4.2 Model Specifics 4.3 Experiences 5 Breaking the Requirements into Model Specific Designs 5.1 Base Protection and Service Encapsulation 5.2 AUTH 5.3 FF 5.4 RC 5.5 ACL 5.6 Logging Contents III: 6 Hands-On Part 6.1 Select Simple Server Type 6.2 Specify Requirements 6.3 Select Models 6.4 Design a Configuration 6.5 Implement It 7 Ending It Up 7.1 Conclusion: What We Learned 7.2 How to Go On 7.3 Open End with Questions

1 Motivation Classic Linux/Unix Access Control is insecure Small Granularity Read, write and execute for owner(?), group and others is not enough Discrete Control Trust in users Who is owner of data? Malware: Invitation to Trojans and Viruses Superuser root Full Access Too often needed (Bind low ports etc.) Too many exploits (root kits, kernel module attacks etc.) Better models for other administration goals Flexible Model selection and combination 2 Overview of RSBAC (External Presentation) 3 How to Identify Security Requirements on a Server 3.1 System Base 3.2 Services 3.3 Users, User IDs and Paths 3.4 Logging 3.1 Requirements: System Base Filesystem Structure Modification often leads to denial of service -> Find crucial elements, e.g. /bin, /etc, /boot, /var Executables Liable to virus or trojan infection, possible denial of service -> Identify all (dirs with) executables in the system to be protected /bin, /usr/bin, /sbin, /usr/sbin, several dirs under /usr/lib,... -> Specify, what files should *not* be executed What is not protected should never be executed, so best chose everything else Libraries Same as executables, but different access patterns Files *.so*, some subdirs, e.g. /usr/lib/apache

3.1 Requirements: System Base II Configuration Files Modification can lead to illegal accesses or denial of service -> identify all crucial (dirs with) configuration files Kernel Objects Kernel Images Kernel Module Files Allow only those to be loaded System.map Raw Memory Should never be accessed Devices Raw access can bypass access control and lead to almost any problem -> Identify all devices, which can be used to compromise the system (/dev/hda, /dev/mem,...) 3.1 Requirements: System Base III Authentication data Crucial for security -> Identify programs which may read or even modify for all users -> e.g. /bin/login, /usr/bin/passwd, /usr/sbin/user{add mod del} -> Optional: Account Manager user who may read or even modify Other Objects boot files ioports / direct hardware access (X server etc.) log files... 3.2 Requirements: Services Protection of and against all services Local services maintain functionality Identify all local services you need (and turn all others off) Network services make servers, but are their main vulnerability Identify all network services you need (and turn all others off) Identify objects and access patterns for each service Don t worry: a rough approximation gives a good start 3.3 Requirements: Users, User IDs and Paths Identify all user types of the system Local and remote users What services do they use? Find all user IDs needed by each service Service users and running IDs (wwwrun etc.) Ranges of IDs usable Identify the user ID paths User login paths (who logs in through which service) Chains of IDs used by services

3.4 Requirements: Logging Detect attacks Provide user accountability (who did what) Provide a modification history etc. -> Identify the users, programs, objects and accesses you would like to know about 4 Selecting a Security Model Combination 4.1 General Criteria 4.2 Model Specifics 4.3 Experiences 4.1 Model Selection: General Criteria Only consider models you really understand Think how each model could meet your requirements *before* choosing -> Feedback from requirement break down to models Keep it simple: Choose only those models that really give you a benefit Do not choose subset models with superset models - you will get confused Develop a personal order in which to apply each model from easiest to most difficult 4.2 Model Selection: Model Specifics AUTHorization Use for all user ID related things, e.g. to restrict login paths Quite simple Essential File Flags (FF) Use for filesystem object protection which is common for all users Pretty simple Recommended for directory structure protection Role Compatibility (RC) Use for all users and objects, which can be generalized into roles and types Use for program based administration Medium level Strongly recommended because of role/type generalization

4.2 Model Selection: Model Specs II Access Control Lists (ACL) Use whenever you need rights for individual users or objects Use, if you also need discretionary control or individual user groups Medium level, but difficult to keep setup overview Recommended for uses named above Other Models: MAC, FC, SIM, PM, MS Only use for specific needs In most cases not recommended Not treated here 4.3 Model Selection: Experiences Typical Combination: AUTH and RC, with a bit of FF ACL mostly unused 5 Breaking the Requirements into Model Specific Designs 5.1 Base Protection and Service Encapsulation 5.2 AUTH 5.3 FF 5.4 RC 5.5 ACL 5.6 Logging 5.1 Base Protection and Service Encapsulation Base Protection: Service independent protection of the system base Protect identified system base (see 3.1: Base requirements) Infrastructure and fallback for service encapsulation Strongly recommended Service Encapsulation: Sandbox around each individual service Minimum access rights For remote access and root account services strongly recommended Other services optional No strict separation Service encapsulation uses Base Protection infrastructure

5.2 Requirements to AUTH: User ID paths Define setuid capabilities for all programs Follows directly from 3.3: User ID requirements 5.3 Requirements to FF: Base protection only Filesystem infrastructure Set no_rename_or_delete on all important dirs and files (not inherited), e.g. /etc, /bin, /usr/bin, /boot,... Protect executables, libraries, configuration files, kernel objects and boot files Set flags search_only (only applied on dirs) and read_only Optional: set execute_only on binary executables (scripts need READ_OPEN etc.) Protect against execution of uncontrolled files Unset flag add_inherited on all objects named above Set flag no_execute on / (or e.g. /home only) Service encapsulation not possible 5.4 Requirements to RC Protect executables, libraries, configuration files, kernel objects, boot files and /tmp dirs Define one RC file/dir type for each group Remove unneccessary rights to these types from all defined roles Optional: Define new role Configuration Only role with write access to configuration files Assign to config user or make System Admin role compatible with it Optional: Define new role Module Loader Only role allowed to load modules Can only read libraries and type Modules Set as initial role for insmod etc. Set types for the protected objects Protect against execution of uncontrolled files Remove EXECUTE right to all types except executables and libraries 5.4 Requirements to RC II Protect devices Define RC device types, e.g. Raw Disk Define RC roles for specific tasks, e.g. Raw Disk Access for fsck Remove unneccessary rights to these types from all defined roles Assign specific task roles to programs Set types for the protected objects Authentication data Define RC file/dir types Account Data and Auth Data Define RC roles Authenticate and Change Auth Data Set rights: All roles may read account data (e.g. /etc/passwd) Role Authenticate may also read Auth Data Change Auth Data may read and write Account Data and Auth Data Assign roles to identified programs as initial roles or forced roles Optional: Assign role Change Auth Data to user Account Manager

5.4 Requirements to RC III Service encapsulation Define RC role(s) for service Copy existing role, e.g. General User Define RC file/dir types for service specific data Log dirs, data, file server areas etc. Set role rights: Access own types as necessary SEARCH, READ_OPEN, READ, CLOSE and EXECUTE libraries Only SEARCH General Type for path resolution Optional: read and write on /tmp dirs (try to avoid) No access to other FD types Device type access as required Assign roles to service users or program file (root services) User s default role or program file initial / forced role Optional: Define default process create type for role Protect against signals and tracing by others 5.5 Requirements to ACL Protect executables, libraries, configuration files, kernel objects, boot files and /tmp dirs Set inheritance mask to filter out unneccessary rights to these objects Protect against execution of uncontrolled files Explicitly grant SEARCH, READ_OPEN, READ, CLOSE and EXECUTE right for group Everyone to all executables and libraries Remove EXECUTE right from FD :DEFAULT: Protect devices Set inheritance mask to filter out unneccessary rights to these objects Explicitly grant necessary accesses for special task users (or groups / RC roles), e.g. for fsck 5.5 Requirements to ACL II Authentication data Only user, group or RC role based protection possible Set inheritance mask to filter out unneccessary rights to these objects Explicitly grant necessary accesses for special task users (or RC roles) Service encapsulation Only user, group or RC role based protection possible Group everyone might have to be replaced by a controlled group Set service user rights: Access own dirs/files as necessary SEARCH, READ_OPEN, READ, CLOSE and EXECUTE libraries Only SEARCH :DEFAULT: for path resolution Optional: read and write on /tmp dirs (try to avoid) No access to other FD objects Device access as required 5.6 Requirements to Logging Setup Set individual logging for identified objects and requests Set individual user and program logging for identified requests Use RSBAC own logging source at /proc/rsbac-info/rmsg for untamperable logging

6 Hands-On Part 6.1 Select Simple Server Type: Webserver, Proxy Server, Mail or File Server? 6.2 Specify Requirements Filesystem Structure Executables Libraries Configuration Files Kernel Objects Devices Authentication data Other Objects 6 Hands-On Part II 6.3 Select Models 6.4 Design a Configuration 6.5 Implement It 7 Ending It Up 7.1 Conclusion: What We Learned 7.2 How to Go On 7.3 Open End with Questions Rule Set Based Access Control (RSBAC) Linux Kernel Security Extension Amon Ott <ao@rsbac.org> Thank you!

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information