SELinux Boosts Server Security

 
 
By Jason Brooks  |  Posted 2004-05-03 Email Print this article Print
 
 
 
 
 
 
 

The Security Enhanced Linux package helps lock down net-facing servers.

Security enhanced Linux, a set of kernel modifications and utilities initially developed by the National Security Agency, bolsters the security of Linux systems by enabling administrators to more finely tune data and process permissions. SELinux enforces mandatory access control policies, which limit user and application privileges to the minimum required to do the job. In contrast, most operating systems have DAC (discretionary access control) schemes in which a process has access to everything available to the user who launched it.

By limiting processes to the resources they require, administrators can limit the damage done by compromised or misbehaving applications—for example, a process with root privileges has free reign over a DAC system.

eWEEK Labs tested SELinux with the second test release of Red Hat Inc.s Fedora Core 2, updated with the latest packages available through the Fedora development package repository.

Click here to read eWEEK Labs review of Fedora Core 2. The Fedora line is Red Hats bleeding-edge Linux distribution, and it will be among the first distributions to ship with SELinux by default when its released later this month.

SELinux can be installed on any Linux distribution, but having a preinstalled, distribution-specific SELinux implementation makes testing and using the system much easier.

Red Hat officials said the company will include SELinux in Red Hat Enterprise Linux 4, which is expected to ship in the first quarter of next year, and work has been done to integrate SELinux with the Debian and Gentoo distributions of Linux as well.

SELinux works with the LSM (Linux Security Modules) framework, a feature that was added to the kernel with the 2.6 release. Linux 2.4 kernels may be patched to support LSM and SELinux.

SELinux uses a system of policies that describe roles for applications and users. There are policies covering each application and data object on an SELinux machine. This system of policies is complicated, and the need for checking rights against SELinuxs security manager imposes additional overhead, currently about 7 percent, as reported by testers. The SELinux code hasnt been speed-optimized, but some level of overhead is unavoidable.

Work remains to be done writing policies for applications other than those that ship with Fedora by default. SELinux contains a utility called audit2allow, against which administrators can run their applications to help automate the policy-writing process.

Web resources

  • NSAs SELinux site
    www.nsa.gov/selinux

  • Tips for writing SELinux policy
    lurking-grue.org/WritingSELinuxPolicyHOWTO.pdf

  • The UnOfficial SELinux FAQ
    crypt.gen.nz/selinux/faq.html

  • SELinux Mailing List Archives
    marc.theaimsgroup.com/?l=selinux

  • Fedora Core 2 test2 SELinux FAQ
    people.redhat.com/kwade/fedora-docs/selinux-faq-en

  • The Fedora SELinux Mailing List Archives
    listman.redhat.com/archives/fedora-selinux-list
  • SELinux may be configured to run in active, permissive and disabled modes. In active mode, SELinux will deny access not provided by policy. In permissive mode, SELinux logs access violations but allows them; this mode is important for writing policies and seeing how SELinux behaves without disturbing usage.

    In Fedora Core 2, these modes are configurable from a new tab in the firewall configuration tool, and users have the option of choosing the initial SELinux state during installation.

    The Fedora team has chosen to ship Fedora Core 2 with SELinux disabled by default because it will take time to see how SELinux interacts with the full range of applications that users run on their Linux systems.

    Because of the complexity of SELinuxs policies, the program at first will work best with servers that are exposed to the public Internet and that operate a small number of separate services. In these machines, SELinux supplies the tougher security from which Internet-facing machines can best benefit.

    That these servers run a clearly prescribed set of applications will make it easier for administrators to manage the policies required to run them. On individual workstations located behind a firewall, the added administration and system resource overhead decreases the attractiveness of SELinux at this point.

    Senior Analyst Jason Brooks can be reached at jason_brooks@ziffdavis.com.

    Check out eWEEK.coms Linux & Open Source Center at http://linux.eweek.com for the latest open-source news, reviews and analysis.
    Be sure to add our eWEEK.com Linux news feed to your RSS newsreader or My Yahoo page:  
     
     
     
     
    As Editor in Chief of eWEEK Labs, Jason Brooks manages the Labs team and is responsible for eWEEK's print edition. Brooks joined eWEEK in 1999, and has covered wireless networking, office productivity suites, mobile devices, Windows, virtualization, and desktops and notebooks. Jason's coverage is currently focused on Linux and Unix operating systems, open-source software and licensing, cloud computing and Software as a Service. Follow Jason on Twitter at jasonbrooks, or reach him by email at jbrooks@eweek.com.
     
     
     
     
     
     
     

    Submit a Comment

    Loading Comments...
     
    Manage your Newsletters: Login   Register My Newsletters























     
     
     
     
     
     
     
     
     
     
     
    Rocket Fuel