Linux Kernel Security (it is necessary).
The Linux kernel is the central component of Linux operating systems. It is responsible for managing the system's resources, the communication between hardware and software, and security. The kernel plays a critical role in supporting security at higher levels. Unfortunately, the stock kernel is not secured out of the box. There are some important Linux kernel patches to secure your box. They differ significantly in how they are administered and how they integrate into the system. They also allow for easy control of access between processes and objects, processes and other processes, and objects and other objects. The following pros and cons list is based upon my personal experience.
1) SELinux
2) AppArmor
3) Grsecurity
SELinux
Security-Enhanced Linux (SELinux) is a Linux kernel feature that provides a variety of security policies for the Linux kernel. It is included with CentOS / RHEL / Fedora Linux, Debian / Ubuntu, Suse, Slackware and many other distributions.
A video introduction to SELinux for mere mortals:
While Security-Enhanced Linux (SELinux) is an incredibly powerful tool for securing Linux servers, it has a reputation for being difficult to configure. As a result, many system administrators simply turn it off. Fortunately, the incredible amount of work completed by the SELinux community in recent years has made SELinux much more system-administrator-friendly.
In this session, Thomas Cameron explains the basics of SELinux, which include configuring, analyzing, and correcting SELinux errors, as well as writing basic policies to enable non-SELinux-aware applications to work on SELinux-protected systems. Real-world examples will be used to better demonstrate how to use SELinux.
SELinux features
1. Clean separation of policy from enforcement
2. Well-defined policy interfaces
3. Support for applications querying the policy and enforcing access control
4. Independent of specific policies and policy languages
5. Independent of specific security label formats and contents
6. Individual labels and controls for kernel objects and services
7. Caching of access decisions for efficiency
8. Support for policy changes
9. Separate measures for protecting system integrity (domain-type) and data confidentiality (multilevel security)
10. Very flexible policy
11. Controls over process initialization and inheritance and program execution
12. Controls over file systems, directories, files, and open file descriptors
13. Controls over sockets, messages, and network interfaces
14. Controls over use of "capabilities"
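Features 5, 6, 12 and 13 above (labels on every kernel object, per-class controls) are what an SELinux denial record reports, and "analyzing and correcting SELinux errors" from the session starts with reading those records. The following is an added example, not code from the page or from the SELinux project: it parses constructed AVC denial lines in the kernel audit.log format and merges them by (source type, target type, object class), the triple every fix decision is made on.

```python
import re
from collections import defaultdict

# Constructed sample audit.log records (not from the page): three AVC denials for
# an httpd process plus one unrelated SYSCALL record that the parser must skip.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1363289005.532:184): avc:  denied  { read } for  pid=29199 comm="httpd" name="index.html" dev="dm-0" ino=2361 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1363289006.101:185): avc:  denied  { open } for  pid=29199 comm="httpd" path="/home/alice/www/index.html" dev="dm-0" ino=2361 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1363289010.777:186): avc:  denied  { name_connect } for  pid=29199 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1363289010.777:186): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
"""

# Fields of one AVC record: the denied permissions, the source (process) label,
# the target (object) label and the object class the decision was made on.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)


def type_of(context):
    """user:role:type:level -> type, the field type-enforcement rules are written against."""
    return context.split(":")[2]


def parse_denials(log_text):
    """Return one dict per AVC denial; records of any other type are ignored."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            denials.append(m.groupdict())
    return denials


def summarize(log_text):
    """Merge denials into {(source type, target type, class): sorted permissions}.
    That triple is exactly what a relabel, a boolean or a policy rule acts on."""
    merged = defaultdict(set)
    for d in parse_denials(log_text):
        key = (type_of(d["scontext"]), type_of(d["tcontext"]), d["tclass"])
        merged[key].update(d["perms"].split())
    return {key: sorted(perms) for key, perms in merged.items()}


def render(summary):
    """One line per triple, in the order an admin would read them in a report."""
    return [f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}"
            for (src, tgt, cls), perms in sorted(summary.items())]
```

In the sample, the first triple (httpd_t reading user_home_t files) is normally fixed by labelling the content correctly (httpd_sys_content_t) and the second (httpd_t connecting to mysqld_port_t) by the httpd_can_network_connect_db boolean, not by a blanket allow rule written from the denial.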
Pros and Cons
• Admin skill set (learning curve) - High
• Complex and powerful access control mechanism - Yes
• Detailed configuration required - Yes
• GUI tools to write / modify rules set - Yes
• CLI tools to write / modify rules set - Yes
• Ease of use - No (often described as horrible to use)
• Binary package - Available for most Linux distributions
• System performance impact - None
• Security Framework - Mandatory access controls using Flask
• Auditing and logging supported - Yes
• Typical user base - Enterprise users
• Documentation - Well documented
AppArmor
AppArmor (Application Armor) is another security system for Linux, maintained and released by Novell under the GPL. AppArmor was created as an alternative to SELinux. AppArmor works with file paths. According to the official Novell FAQ:
AppArmor is the default in OpenSUSE and SUSE Linux Enterprise. It was first successfully packaged for Ubuntu Linux.
The core of the security problem is that most software contains latent bugs, and many of these bugs can be exploited by attackers to cause the software to do something undesirable to the victim's computer. To block this threat, one can either use only perfect software (of which there is a shortage :) or use a security system to control what software may and may not do. The problem is that such systems are historically very difficult to use.
AppArmor is an application security system that directly attacks the ease of use problem, making it possible for widespread adoption by developers, system administrators, and users. AppArmor provides for security profiles (policies) that specify the files that a given program may read, write, and execute, and provides tools to quickly and automatically generate these profiles.
This presentation will briefly introduce the AppArmor system, and then spend much of the time showing how to best use AppArmor to confine applications and protect systems. AppArmor is pure GPL software, and is available for SUSE, Slackware, Ubuntu, Gentoo, and Red Hat Linux.
Securing Linux with AppArmor:
1. Full integration.
2. Easy deployment.
3. AppArmor includes a full suite of console and YaST-based tools to help you develop, deploy and maintain application security policies.
4. Protects the operating system, custom and third-party applications from both external and internal threats by enforcing appropriate application behavior.
5. Reporting and alerting. Built-in features allow you to schedule detailed event reports and configure alerts based on user-defined events.
6. Sub-process confinement. AppArmor allows you to define security policies for individual Perl and PHP scripts for tighter Web-server security.
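An AppArmor profile is the list of "path permissions," rules the FAQ describes: what the program may read, write, map and execute, with the exec mode deciding whether a child stays confined. The following is an added example, not from the page or from AppArmor's own tools: it takes a constructed profile for a hypothetical /usr/local/bin/webapp and lints the file rules for the three mistakes that quietly undo the confinement.

```python
import re

# Constructed profile for a hypothetical /usr/local/bin/webapp (not from the page).
# Rules follow the AppArmor "path permissions," form: what the program may read (r),
# write (w), map (m) and execute (ix keeps the profile, Px needs the target's own
# profile, Ux/ux runs the child unconfined).
SAMPLE_PROFILE = """\
#include <tunables/global>
/usr/local/bin/webapp {
  #include <abstractions/base>
  capability net_bind_service,
  network inet stream,
  /usr/local/bin/webapp mr,
  /etc/webapp/** r,
  /var/www/webapp/** r,
  /var/log/webapp/*.log w,
  /var/lib/webapp/uploads/** rw,
  /usr/bin/convert Px,
  /usr/bin/gs Ux,
  /home/** rw,
  /etc/apparmor.d/** rw,
}
"""

# A file rule: absolute path (globs allowed), whitespace, permission letters, comma.
FILE_RULE_RE = re.compile(r'^\s*(?P<path>/\S+)\s+(?P<perms>[a-zA-Z]+),\s*$')


def parse_file_rules(profile_text):
    """Return [(path, perms)] for file rules; include, capability and network lines are skipped."""
    return [(m["path"], m["perms"])
            for m in map(FILE_RULE_RE.match, profile_text.splitlines()) if m]


def glob_depth(path):
    """Number of fixed path components before the first '**' (0 for '/**')."""
    return len([c for c in path.split("**")[0].split("/") if c])


def lint(profile_text):
    """Flag rules that weaken the confinement; returns [(path, reason)] in profile order."""
    findings = []
    for path, perms in parse_file_rules(profile_text):
        writable = "w" in perms or "a" in perms
        if "ux" in perms.lower():
            findings.append((path, "Ux/ux: child runs unconfined, outside any profile"))
        elif writable and path.startswith("/etc/apparmor.d/"):
            findings.append((path, "write access to the policy directory: profile can be rewritten"))
        elif writable and "**" in path and glob_depth(path) <= 1:
            findings.append((path, "broad recursive write glob: confines almost nothing"))
    return findings
```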
Pros and Cons
• Complex and powerful access control mechanism - Yes.
• Detailed configuration required - Yes.
• GUI tools to write / modify rules set - Yes (yast2 and wizards).
• CLI tools to write / modify rules set - Yes.
• Ease of use - Yes (often described as less complex and easier for the average user to learn than SELinux).
• Binary package - Available for Ubuntu / Suse / Opensuse and other distros.
• System performance impact - None.
• Security Framework - Mandatory access controls.
• Auditing and logging supported - Yes.
• Typical user base - Enterprise users.
• Documentation - Documented (mostly available from Opensuse and Suse enterprise Linux).
Grsecurity
Grsecurity is a set of patches for the Linux kernel with an
emphasis on enhancing security. It utilizes a multilayered detection,
prevention, and containment model. It is licensed under the GPL.
Video on Gentoo Grsecurity (published on Oct 25, 2012):
The talk gives an overview on how Open Source Security works, and how Gentoo in particular handles vulnerabilities. You will get to know the tools that are available to ensure your packages are safe and an outline on other efforts made within Gentoo to enhance the safety and security of your system.
1. An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
2. Change root (chroot) hardening
3. /tmp race prevention
4. Extensive auditing
5. Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc.)
6. Prevention of arbitrary code execution in the kernel
7. Randomization of the stack, library, and heap bases
8. Kernel stack base randomization
9. Protection against exploitable null-pointer dereference bugs in the kernel
10. Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs
11. A restriction that allows a user to only view his/her processes
12. Security alerts and audits that contain the IP address of the person causing the alert
Pros and Cons
• Complex and powerful access control mechanism - No (it is simpler to administer than the other two implementations. Also, policies are simpler to create, since there are no roles or complicated domain/file transitions).
• Detailed configuration required - No (works in learning mode).
• GUI tools to write / modify rules set - No.
• CLI tools to write / modify rules set - Yes (gradm tool).
• Ease of use - Yes.
• Binary package - Available for Ubuntu / RHEL / CentOS / Debian distros.
• System performance impact - None.
• Security Framework - Mandatory access controls (precisely, it is an RBAC implementation) using access control lists.
• Auditing and logging supported - Yes.
• Typical user base - Webserver and hosting companies.
• Documentation - Unfortunately, not well documented.
Conclusion:
All three offer very good protection, and one can select among them based upon the following simple criteria:
• New user / ease of use: Grsecurity
• Easy to understand policy and tools: AppArmor
• Most powerful access control mechanism: SELinux
Drs. Albert Spijkers
DBA Consulting
web: http://www.dbaconsulting.nl