\def\lximg{/usr/share/lx/icons/fueller.png} \input{configpres} \subsection{Extended Security Features} \title{Extended Security Features} \maketitle \def\lximg{none} \begin{frame} \frametitle{Contents} \tableofcontents \end{frame}
% ----------------------------
\subsubsection{File Access} \begin{frame}[fragile] \frametitle{Basic File Permissions} \begin{itemize} \item For each File or Directory \item Access Mode: \\ Read, Write, Execute (on a directory: enter/traverse it) \item Access Role: \\ User, Group, Other \item Special: \\ Set UID, Set GID, Sticky \end{itemize} \end{frame}
% ----------------------------
\begin{frame}[fragile] \frametitle{Access Control List (ACL)} \begin{itemize} \item Grant access to additional Users and Groups per file or directory \item Avoids creating a new system group for every ad-hoc team \item Tools: \\ setfacl, getfacl \item Requires: \\ mount \dots -o acl (enabled by default on current ext4 and XFS) \item Pitfalls: \\ Copies and backups silently drop ACLs unless the tool is told to keep them (\texttt{tar -{}-acls}, \texttt{rsync -A}, \texttt{cp -{}-preserve=all}); the \texttt{mask} entry caps every named user/group entry, and \texttt{chmod} on the group bits rewrites that mask \end{itemize} \end{frame}
% ----------------------------
\begin{frame}[fragile] \frametitle{ACL: Example} \begin{itemize} \item Sue, Bob and Henry are working together on ProjectX. Sue and Henry are members of group \emph{dept\_a}, and Bob is a member of group \emph{dept\_b}. \item Q: Do we really need another group \emph{project\_x} with members Sue, Bob and Henry? \item A: Not necessarily. 
\end{itemize} \begin{beamerboxesrounded}[shadow=true]{Alternative Solution:} \begin{tiny} \begin{verbatim}
$ mkdir /data/shared/project_x
$ chown pm_admin:pm_admin /data/shared/project_x
$ setfacl -m user:sue:rwx /data/shared/project_x
$ setfacl -m user:bob:rwx /data/shared/project_x
$ setfacl -m user:henry:rwx /data/shared/project_x
\end{verbatim} \end{tiny} \end{beamerboxesrounded} \end{frame}
% ----------------------------
\begin{frame}[fragile] \frametitle{ACL: Example (2)} \begin{beamerboxesrounded}[shadow=true]{Result:} \begin{tiny} \begin{verbatim}
$ getfacl /data/shared/project_x
# file: data/shared/project_x/
# owner: pm_admin
# group: pm_admin
user::rwx
user:sue:rwx
user:bob:rwx
user:henry:rwx
group::r-x
mask::rwx
other::r-x
\end{verbatim} \end{tiny} \end{beamerboxesrounded} \begin{itemize} \item Note \texttt{other::r-x}: every local user can still list the project directory. Restrict it with \texttt{chmod o-rwx /data/shared/project\_x}. \item Files created inside later do not inherit these entries; add a default ACL (\texttt{setfacl -d -m user:sue:rwx,user:bob:rwx,user:henry:rwx \dots}) so they do. \end{itemize} \end{frame}
% ----------------------------
\begin{frame}[fragile] \frametitle{File Attributes (chattr)} \begin{itemize} \item Additional per-inode attribute flags (not the same thing as extended attributes set with setfattr/getfattr) \item a - append only \item i - immutable \item s - overwrite with zeros on delete (not honored by ext2/3/4 in mainline kernels) \item Tools: \\ lsattr, chattr \item Requires: \\ CAP\_LINUX\_IMMUTABLE (root) to set or clear a and i; the mount option \dots -o user\_xattr only concerns user.* extended attributes \item Pitfalls: \\ Copies and backups do not preserve these flags (tar drops them); extended attributes need \texttt{tar -{}-xattrs} or \texttt{rsync -X} \end{itemize} \end{frame}
% ----------------------------
\begin{frame}[fragile] \frametitle{chattr: Example} \begin{itemize} \item Q: You want to check what user Franz is typing on the command line? \item A: Look at /home/franz/.bash\_history \item But Franz is clever and deletes /home/franz/.bash\_history \item Q: How can I prevent that? 
\end{itemize} \begin{beamerboxesrounded}[shadow=true]{Solution:} \begin{tiny} \begin{verbatim}
$ sudo chattr +a /home/franz/.bash_history
$ lsattr /home/franz/.bash_history
-----a-------e-- /home/franz/.bash_history
$ rm /home/franz/.bash_history
rm: cannot remove `/home/franz/.bash_history': Operation not permitted
\end{verbatim} \end{tiny} \end{beamerboxesrounded} \begin{itemize} \item Caveat: the flag only stops unlink, rename and truncation. Franz can still run \texttt{unset HISTFILE}, \texttt{set +o history} or a different shell, so the file is not an audit trail; use auditd or pam\_tty\_audit for that. Bash must also run with \texttt{shopt -s histappend}, because rewriting the file fails on an append-only inode. \end{itemize} \end{frame}
% ----------------------------
\subsubsection{Process} \begin{frame}[fragile] \frametitle{Process Isolation} \begin{itemize} \item Separate Address Space \item Isolated Filesystem (chroot): not a security boundary on its own, a process with root privileges can escape it \item Address Space Layout Randomization \item Namespaces (Mount, UTS, IPC, PID, Network, and User) \end{itemize} \end{frame}
% ----------------------------
\subsubsection{Advanced Resource Access Control} \begin{frame}[fragile] \frametitle{Linux Security Modules} \begin{itemize} \item Implement Mandatory Access Control \item SELinux, AppArmor, Tomoyo \dots \item Context sensitive Resource Access \end{itemize} \end{frame}
% ----------------------------
\begin{frame}[fragile] \frametitle{Domain (TOMOYO)} \begin{itemize} \item Domain transition for each starting Process \item Default: Inherit previous Domain \item Note: Domains are unique \end{itemize} \begin{beamerboxesrounded}[shadow=true]{Example:} \begin{small} \begin{verbatim} /sbin/init /etc/rc.d/rc /sbin/init /etc/rc.d/rc.sysinit /etc/rc.d/rc \end{verbatim} \end{small} \end{beamerboxesrounded} \end{frame}
% ----------------------------
\begin{frame}[fragile] \frametitle{Domain Transition Management} \begin{itemize} \item Control Domain Transition Behavior \item Syntax: \\ \begin{verbatim} from \end{verbatim} \item Directives: \begin{itemize} \item initialize\_domain / no\_initialize\_domain \item keep\_domain / no\_keep\_domain \end{itemize} \end{itemize} \end{frame}
% ----------------------------
\begin{frame}[fragile] \frametitle{Profile} \begin{itemize} \item Profiles define Domain restriction behavior \item Profile Relation to Domain: n..m \item Up to 255 
Profiles \item Profile Modes: \begin{itemize} \item disabled, learning, permissive, enforcing \item Only \emph{enforcing} denies access; the other modes never block, so check which profile a domain actually runs under before relying on it \end{itemize} \item Logging \end{itemize} \end{frame}
% ----------------------------
\begin{frame}[fragile] \frametitle{Policy} \begin{itemize} \item Policies describe Domain restrictions \item Policy for each Domain \item Directives: \begin{itemize} \item file (read, write, execute, append, chown, chgrp, create, mkfifo, \dots) \item misc env \item network inet (stream, dgram, raw) \item network unix (stream, dgram, seqpacket) \end{itemize} \end{itemize} \end{frame}
% ----------------------------
\begin{frame}[fragile] \frametitle{Tools} \begin{itemize} \item tomoyo-editpolicy \item tomoyo-selectpolicy \item tomoyo-patternize \item tomoyo-diffpolicy \item tomoyo-sortpolicy \item tomoyo-loadpolicy \end{itemize} \end{frame}
% ----------------------------
\subsubsection{Others} \begin{frame}[fragile] \frametitle{Others} \begin{itemize} \item Linux Integrity Subsystem (IMA/EVM) \item Signed Kernel Modules \item Signed Repositories (apt, yum, \dots) \end{itemize} \end{frame}
% ----------------------------
\subsection{} \input{tailpres}