
Enhancing Security in Linux

PCQ Bureau

Though Linux is regarded as a very secure OS, its security is not military grade. To create a very secure OS, the NSA (National Security Agency, a part of the US Department of Defense) and SCC (Secure Computing Corporation) designed an OS security architecture in 1992-93. This was gradually adopted into an OS prototype called Fluke. Its objective was to provide flexible support for different security policies over the traditional Unix security architecture. Another team from the University of Utah, called the Utah Flex team, also joined the Fluke project and the final outcome was Flask, which is a security-enhanced version of the Fluke OS. It is this Flask architecture that is now being implemented in Linux and is called SE Linux (Security Enhanced Linux). With this move, the technology has been transferred to the Linux community of developers and users. NSA expects that SE Linux will be a trusted OS when combined with other levels of security and reliability, such as auditing and documentation.

Direct Hit!
Applies to: Security and network administrators
USP: Install an additional security layer on your Linux server
Links: www.nsa.gov/selinux, www.cs.utah.edu/flux/fluke/html/index.html

Now let's see how SE Linux works. To understand this, let's consider a scenario. Say you have a Linux server with lots of confidential data and, to secure it, you have given data access only to the root user. However, this machine also has regular users logging in using Telnet to access their data. Now suppose one of the users manages to get hold of the root password and gains root privileges by running the su command after logging in through Telnet. All your machine's security is gone!

With SE Linux, users get another layer of security through ACLs (Access Control Lists) and a new concept, which identifies users by security contexts. So when you Telnet into the Linux box, you have to first provide a user name and password. Then, if you need root access, you 'su' from the Telnet terminal. In regular Linux, you'll be given access with root privileges.

Must Know Terms for SE Linux

Identity: Identity is somewhat like the traditional Unix UID. In SE Linux, when you 'su' to another user the UID changes, but the identity does not necessarily change with it. Whether the identity changes depends on your role.

Context=seuser:user_r:user_t

Domain: Every process needs a domain to run in. A domain determines the actions that a process is allowed to perform. When a user ID is added, it defines the space of operation for you.

Context=seuser:user_r:user_t

Type: A type is assigned to an object and determines who gets to access that object. A domain is defined in much the same way; the difference is that a domain applies to a process, while a type applies to objects such as directories and files.

Role: The role defines the domains that you can enter and use, so if a role is not authorized to enter a domain, you won't be able to run processes in that domain.

Context=seuser:user_r:user_t

The words in bold in the above examples are the ID, Domain and Role respectively.







However, with SE Linux, even if you 'su' as root, you will still have the same security context as used when logging into the Telnet session. You will not be able to access anything you aren't authorized for. This is achieved by implementing some policies and roles over the standard user-level security of Linux. Let's see how to install SE Linux and define these roles and policies for users. 

SE Linux is now available for Linux distros such as Fedora, Gentoo and Debian. We used Fedora Core 2 since it comes with SE Linux built in. It's not too difficult to install FC 2 with SE Linux. Place the first FC 2 CD in the drive and boot from it. At the installation boot prompt, type 'selinux' and press Enter. This will start the installation with SE Linux. When we did a 'full installation', SE Linux installed without any problems. However, when we did a 'workstation' install, the SE Linux policy source didn't install. This is very important for creating your own policies. So, if you do a 'custom' install, look for the folder '/etc/security/selinux/src'. If it's not there, the SE Linux policy source hasn't been installed. You will then need to install the 'policy-source' rpm from the second FC 2 CD.


After the installation run the 'id' command from a terminal window. This will give the following output.

context=root:sysadm_r:sysadm_t

Here, the user ID is 'root', 'sysadm_r' is the role assigned to you and 'sysadm_t' is the domain on which you will be able to run any process (for these terms read the box). Depending on your need you can have more than one role and domain combination. For instance, you can configure a user to be in sysadm_t domain when logged on locally, but when he logs on over SSH, he will only be able to get into the user_t domain.

To create new users and policies, first create a new user, say 'seuser', who will be a member of the 'users' group, and assign a password to him:

# useradd -c "SE Linux user" -m -g users seuser
# passwd seuser

Now you have to assign a role to this user. For this, open the file /etc/security/selinux/src/policies/users in a text editor, scroll down to the bottom and add the following line.

user seuser roles { user_r };

Now the user configuration is set, but the profile is not created. So run

# make -C /etc/security/selinux/src/ policy load


This will compile, create and load your modified policies. To check whether it's working, re-login as 'seuser' and type 'id' from a terminal window. It should show something like this:

context=seuser:user_r:user_t
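
A check you could run after the re-login step, as an added example that is not part of the original article or of SE Linux itself: it parses the 'user ... roles ...;' statements from the policy users file and confirms that the role in the context reported by 'id' is one that identity is authorized for. The sample file contents, the 'id' output line and the function names are constructed for illustration.

```python
import re

# Constructed sample of the policy 'users' file after the edit described above.
SAMPLE_USERS = """\
# comments are ignored
user system_u roles system_r;
user root roles { user_r sysadm_r };
user seuser roles { user_r };
"""

# Matches: user <identity> roles <role>;   or   user <identity> roles { <role> ... };
USER_STMT = re.compile(r"^\s*user\s+(\w+)\s+roles\s+(?:\{([^}]*)\}|(\w+))\s*;", re.M)

def parse_users(text):
    """Return {identity: set(roles)} built from 'user ... roles ...;' statements."""
    text = re.sub(r"#.*", "", text)  # strip comments to end of line
    roles = {}
    for ident, braced, single in USER_STMT.findall(text):
        roles.setdefault(ident, set()).update((braced or single).split())
    return roles

def parse_context(id_output):
    """Extract (identity, role, type) from 'id' output or a bare context string."""
    m = re.search(r"context=(\S+)", id_output)
    ctx = m.group(1) if m else id_output.strip()
    parts = ctx.split(":")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected identity:role:type, got %r" % ctx)
    return tuple(parts)

def check_login(users_text, id_output):
    """Return a list of findings; an empty list means the context matches the policy."""
    ident, role, _type = parse_context(id_output)
    allowed = parse_users(users_text)
    if ident not in allowed:
        return ["identity %r has no user statement" % ident]
    if role not in allowed[ident]:
        return ["role %r not authorized for %r (allowed: %s)"
                % (role, ident, ", ".join(sorted(allowed[ident])))]
    return []

if __name__ == "__main__":
    # Constructed 'id' output lines: the expected context, then an unexpected role.
    ok = "uid=500(seuser) gid=100(users) groups=100(users) context=seuser:user_r:user_t"
    print(check_login(SAMPLE_USERS, ok))
    print(check_login(SAMPLE_USERS, "context=seuser:sysadm_r:sysadm_t"))
```
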

Now, you have successfully created a new user and assigned it a proper role. Next month, we will see how you can create your own roles and domains.

Anindya Roy
