Though Linux is regarded as a very secure OS, its security is not military grade. To create a very secure OS, the NSA (National Security Agency, a part of the US Department of Defense) and SCC (Secure Computing Corporation) designed an OS security architecture in 1992-93. This was gradually adopted into an OS prototype called Fluke. Its objective was to provide flexible support for different security policies over the traditional Unix security architecture. Another team from the University of Utah, called the Utah Flex team, also joined the Fluke project and the final outcome was Flask, which is a security-enhanced version of the Fluke OS. It is this Flask architecture that is now being implemented in Linux and is called SE Linux (Security Enhanced Linux). With this move, the technology has been transferred to the Linux community of developers and users. The NSA expects that SE Linux will be a trusted OS when combined with other levels of security and reliability, such as auditing and documentation.
Now let's see how SE Linux works. To understand this, let's consider a scenario. Say you have a Linux server with lots of confidential data, and to secure it you have given data access only to the root user. However, this machine also has regular users logging in using Telnet to access their data. Now suppose one of the users manages to get hold of the root password and gains root privileges by running the su command after logging in through Telnet. All your machine's security is gone!
With SE Linux, users get another layer of security through ACLs (Access Control Lists) and a new concept, which identifies users by security contexts. So when you Telnet into the Linux box, you have to first provide a user name and password. Then, if you need root access, you 'su' from the Telnet terminal. In regular Linux, you'll be given access with root privileges.
However, with SE Linux, even if you 'su' as root, you will still have the same security context as used when logging into the Telnet session. You will not be able to access anything you aren't authorized for. This is achieved by implementing some policies and roles over the standard user-level security of Linux. Let's see how to install SE Linux and define these roles and policies for users.
SE Linux is now available for Linux distros, such as Fedora, Gentoo and Debian. We used Fedora Core 2 since it comes with SE Linux built-in. It's not too difficult to install FC 2 with SE Linux. Place the first FC 2 CD in the drive and boot from it. At the Installation Boot prompt, type 'selinux' and press Enter. This will start the installation with SE Linux. When we did a 'full installation', SE Linux installed without any problems. However, when we did a 'workstation' install, the SE Linux policy source didn't install. This is very important for creating your own policies. So, if you do a 'custom' install, then look for a folder '/etc/security/selinux/src'. If it's not there, then the SE Linux policy source hasn't been installed. You will then need to install the 'policy-source' rpm from the second FC 2 CD.
After the installation, run the 'id' command from a terminal window. This will give the following output.
context=root:sysadm_r:sysadm_t
Here, the user ID is 'root', 'sysadm_r' is the role assigned to you and 'sysadm_t' is the domain on which you will be able to run any process (for these terms read the box). Depending on your need you can have more than one role and domain combination. For instance, you can configure a user to be in sysadm_t domain when logged on locally, but when he logs on over SSH, he will only be able to get into the user_t domain.
To create new users and policies, create a new user, say 'seuser', who will be a member of the 'users' group and assign a password to him as:
#useradd -c "SE Linux user" -m -g users seuser
#passwd seuser
Now you have to assign a role to this user. For this, open the file called /etc/security/selinux/src/policies/users using a text editor, scroll down to the bottom and add the following line.
user seuser roles { user_r };
Now the user configurations are set, but the profile is not created. So run
#make -C /etc/security/selinux/src/ policy load
This will compile, create and load your modified policies. To check whether it's working, re-login as 'seuser' and type 'id' from a terminal window. It should show something like this:
context=seuser:user_r:user_t
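The verification step above can be scripted. The following is an added example, not part of the original article: it pulls the security context out of 'id' output and confirms that the role in it is one the 'users' policy file grants to that user. The function names, the root line in the sample file and the sample 'id' output are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the role shown in a login's security context
# is one the policy 'users' file grants to that user.

# Constructed sample of the 'users' policy file (the seuser line is the
# one added in the article; the root line is an assumption).
SAMPLE_USERS='# constructed sample
user root roles { user_r sysadm_r };
user seuser roles { user_r };'

# Constructed sample of `id` output after logging in as seuser.
SAMPLE_ID='uid=500(seuser) gid=100(users) context=seuser:user_r:user_t'

# context_of ID_OUTPUT: print the user:role:type triple, or nothing.
context_of() {
    printf '%s\n' "$1" | sed -n 's/.*context=\([^ ]*\).*/\1/p'
}

# roles_for USER POLICY_TEXT: print each role granted to USER, one per line.
# The user name is compared as a plain string, never used as a pattern.
roles_for() {
    printf '%s\n' "$2" | awk -v u="$1" '{
        line = $0
        gsub(/[{};]/, " ", line)
        n = split(line, f, " ")
        if (f[1] == "user" && f[2] == u && f[3] == "roles")
            for (i = 4; i <= n; i++) print f[i]
    }'
}

# check_context ID_OUTPUT POLICY_TEXT: report whether the context's role is
# granted to the context's user. Exit status: 0 granted, 1 not, 2 no context.
check_context() {
    ctx=$(context_of "$1")
    [ -n "$ctx" ] || { echo "no-context"; return 2; }
    ctx_user=${ctx%%:*}
    rest=${ctx#*:}
    ctx_role=${rest%%:*}
    if roles_for "$ctx_user" "$2" | grep -qxF -- "$ctx_role"; then
        echo "granted"; return 0
    fi
    echo "not-granted"; return 1
}

check_context "$SAMPLE_ID" "$SAMPLE_USERS"
```

On a live system, pass "$(id)" and the contents of the users file edited above in place of the two samples.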
Now, you have successfully created a new user and assigned it a proper role. Next month, we will see how you can create your own roles and domains.
Anindya Roy