From Fedora Project Wiki
(→Feedback and Suggestions: adding feedback from Linux Users Victoria mailing list)
(→Feedback and Suggestions: adding suggestions from domg472)

Revision as of 00:01, 20 July 2008

Feedback and Suggestions

Feel free to add any suggestions or corrections here. Thanks :)

  • Is SELinux enabled by default on Debian? If not, link to appropriate information (probably found on http://wiki.debian.org/)

Suggestions from domg472:

Basic access control models (DAC, MAC) (not so basic MDAC)

explain discretionary
explain the dac model attributes: user, group, permission bits
explain why dac acl is not sufficient. example: privilege escalation
explain the mac model attributes: security context
explain mandatory
explain that MAC is an ACL layer on top of the DAC ACL layer
explain Type Enforcement
explain Role Based AC
explain Multi Level Security
explain Multi Category/Compartment Security

compare a selinux system to a submarine with compartments. if one compartment has a leak, the water will be contained to that compartment and will not be able to spread (escalate). the submarine will not sink

Security context / SELinux attributes

explain the security context tuple and how to read it (explain the fields)
explain user (which SELinux user (group) created the object?)
explain type is the attribute for type enforcement (TE)
explain role is the attribute for role enforcement (RBAC)
explain security level is the attribute for security level enforcement (MLS)
explain categories/compartments is the attribute for security level enforcement or category/compartment enforcement (MLS or MCS)

Subjects and objects (processes and "files")

explain that everything in a system is an object
explain that even subjects in a system are represented as objects in the proc mountpoint
explain subjects and objects
explain subjects are processes (ps auxZ)
explain objects are "files" (ls -alZ)
- file objects (files, lnk files, dirs, fifo files, sock files etc)
- port objects
- interface objects
- node objects
- objects made available by other programs through an access control extension (ACE): XACE, sepostgresql, SEDBUS, mscd, etc.
- explain that an object is a class defined in the kernel: process, file, tcp_socket
example of a class: process. example of a class: file
explain domain type is the attribute of a process (user_t is the (user) domain type/attribute of "user")
explain object type is the attribute of an object or "file". do not mistake files with file objects/file types. a "file" is any object
explain that an object type can never be a scontext (source context) in an avc denial
explain that processes (subjects) generally operate on files (objects)
explain that processes (subjects) also operate on other processes (subjects). example: process (sigchld) if a user process spawns a program process.
explain that "files" (objects) do not operate. they get operated on by subjects (processes)
explain that the permissions that define how to operate on subjects and objects (classes) are defined in the kernel and are attributes of classes
explain classes and their attributes are statically defined in the kernel:
- example of a file object class and its attributes:
  + file read
  + dir write
  + lnk_file getattr
- example of a subject class and its attributes:
  + process sigchld
- example of an object made available by other programs (ACL)
  + dbus send_msg
explain that although classes and their attributes are defined in the kernel, one can assign "types" to subjects and objects, and one can define policy for how these types can interact using the object classes and their attributes supplied by the kernel.

example:

scontext/domain type/subject | tcontext/file type/object | "object" class | "object" permissions/attributes
-----------------------------+---------------------------+----------------+--------------------------------
user_t                       | user_home_t               | dir            | getattr
httpd_t                      | httpd_sys_content_ra_t    | file           | read
user_t                       | mozilla_t                 | process        | sigchld
user_t                       | self                      | process        | transition
mozilla_t                    | httpd_port_t              | tcp_socket     | connect
unconfined_t                 | cupsd_t                   | dbus           | send_msg

How to find out if selinux is supported/enabled:
supported?: http://domg444.blogspot.com/2007/11/how-to-determine-if-our-system-supports.html
enabled?: getenforce, /selinux/config, sestatus

explain selinux framework and selinux policy. explain the selinux framework is responsible for enforcing policy.
explain the access vector cache.
peruse selinux packages (rpm -ql) and discuss important locations: /etc/selinux, /selinux

How to disable SELinux: I refer to dwalsh's blog. some highlights: selinux=0, enforcing=0, setenforce 0, system-config-selinux, semanage

system-config-selinux is a GUI for semanage. semanage is THE central managing point for SELinux administration:
label file objects (semanage fcontext -a)
label port objects (semanage port -a) etc
explain each option of semanage and system-config-selinux: label interfaces, set booleans, add, modify, delete selinux user (groups) and SELinux logins.
explain translation (requires mcstransd)
explain what mcstransd does
explain what restorecond does
explain auditd connection to selinux (explain ausearch / auditctl)

show some practical examples for managing users. add an unconfined user, add a confined user, add a staff user, assign mcs categories to users (ranges)
create custom selinux user groups
create custom selinux logins

explain booleans
explain customizable types
mention manual pages for targeted daemons.

explain audit2allow
explain audit2why
explain sesearch and how you can use this to make decisions
explain semodule, sestatus, restorecon, semanage, setenforce, getenforce
explain limitations of chcon
explain advantage of chcon
explain chcat

explain selinux-policy-devel (/usr/share/selinux/devel/Makefile)
show example how to make a custom policy module
explain the limitations of a policy module package
explain the advantages of a policy module package

explain role based access control and derived types.

explain star and selinux tar support (examples)

important: Possible problems caused by running in permissive mode, such as having permissions to mislabel files.
important: Copying vs moving files.

explain avc denials field by field.
explain advantage and limitation of sealert/setroubleshoot and how this relates to audit.

explain file_t, unlabeled_t
explain initrc_t
explain unconfined_t
explain sepolgen and gui

explain why /tmp will not be relabeled: http://domg444.blogspot.com/2007/11/why-files-with-incompatible-types-in.html

read selinux by example book

explain the MLS vs TARGETED
explain mcs role in targeted versus mcs role in mls
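The context tuple, the avc denial fields and the rule table in the suggestions above are the pieces a reader has to put together; as an added example (not domg472's or the Fedora project's code), this parses a constructed AVC record into scontext, tcontext, tclass and permissions and renders the rule row it corresponds to, the way audit2allow would. The record layout is the one auditd writes for SELinux; the sample line and every value in it are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample AVC record in the format auditd logs for SELinux (not taken from the page).
SAMPLE_AVC = (
    'type=AVC msg=audit(1216512345.123:456): avc:  denied  { read getattr } for  '
    'pid=2345 comm="httpd" name="index.html" dev=sda3 ino=98765 '
    'scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'
)

@dataclass
class SecurityContext:
    """The context tuple: SELinux user, role, type, and MLS/MCS level (level may be absent)."""
    user: str
    role: str
    type: str
    level: str  # sensitivity range plus optional categories, e.g. "s0-s0:c0.c1023"

def parse_context(ctx):
    """Split user:role:type[:level]; the level itself contains ':' when MCS categories are present."""
    parts = ctx.split(':', 3)
    if len(parts) < 3:
        raise ValueError(f'not a security context: {ctx!r}')
    user, role, type_, *rest = parts
    return SecurityContext(user, role, type_, rest[0] if rest else '')

def parse_avc(line):
    """Return the fields of one AVC record (decision, permissions, scontext, tcontext, tclass), or None."""
    m = re.search(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$', line)
    if not m:
        return None  # not an AVC record (e.g. a SYSCALL line from the same event)
    decision, perms, rest = m.groups()
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', rest))
    return {
        'decision': decision,
        'perms': perms.split(),
        'comm': fields.get('comm', '').strip('"'),
        'scontext': parse_context(fields['scontext']),  # subject (domain) side of the rule table
        'tcontext': parse_context(fields['tcontext']),  # object side of the rule table
        'tclass': fields['tclass'],                     # kernel object class: file, dir, process, ...
    }

def to_allow_rule(avc):
    """Render the denial as a row of the rule table: source type, target type, object class, permissions."""
    return (f"allow {avc['scontext'].type} {avc['tcontext'].type}:{avc['tclass']} "
            f"{{ {' '.join(avc['perms'])} }};")
```

The rendered rule is only what the denial literally asked for; deciding whether that access is legitimate is what the sesearch and audit2why items above are for.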