The security offered by SELinux is defined by its policies and their limitations. The policy can control what privileges a process has, but it will not protect against exploitation of kernel vulnerabilities where writing to kernel memory is permitted.
The blast radius can be reduced by limiting what the process can do. Therefore, care should be taken to design and test policies before they are implemented. An attacker can exploit a legitimate process and SELinux will not detect or protect against exploitation of processes; it will only limit the ability of the process to deviate from its normal behaviour post-exploitation.
The audit logs that SELinux produces need to be aggregated and monitored to provide real detection value for admins. For smaller installations, standard Linux utilities such as auditd, ausearch, and aureport can be used to alert on, filter, and report on specific events. Larger deployments typically employ log management tools for aggregation and alerting. The key takeaway here is that SELinux is a useful security tool for organizations that have the resources and skills needed to manage it.
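The aggregation step above is what turns SELinux denials into something an admin can act on. The following is an added example (not code from the original article or from any audit tool) that parses AVC records in the shape written to audit.log, counts denials by source type, target type and object class, and flags records where permissive=1, meaning the policy would have denied the access but the kernel let it through. The log lines are constructed for this example; the type names are taken from the reference policy, but no real host produced these records.

```python
import re
from collections import Counter

# Constructed audit records in the shape of /var/log/audit/audit.log AVC lines.
# They are made up for this example and do not come from any real host.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000001.101:201): avc:  denied  { read } for  pid=1234 comm="httpd" name="id_rsa" dev="sda1" ino=111 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000002.102:202): avc:  denied  { read open } for  pid=1234 comm="httpd" name="id_rsa" dev="sda1" ino=111 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000003.103:203): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=25 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000004.104:204): avc:  denied  { write } for  pid=777 comm="nginx" name="index.html" dev="sda1" ino=222 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1700000004.104:204): arch=c000003e syscall=2 success=no exit=-13 comm="nginx"
"""

# "avc:  denied  { read open }" -> decision and the requested permission set
DECISION_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}")


def field(line, key):
    """Return the value of key=value (quoted or bare) from an audit line, or None."""
    m = re.search(rf'(?<!\w){key}=("[^"]*"|\S+)', line)
    return m.group(1).strip('"') if m else None


def context_type(context):
    """Type component of a user:role:type[:level] SELinux label."""
    return context.split(":")[2]


def parse_avc(line):
    """Parse one AVC record into a dict; returns None for non-AVC lines."""
    if not line.startswith("type=AVC"):
        return None
    m = DECISION_RE.search(line)
    if m is None:
        return None
    return {
        "decision": m.group(1),
        "perms": frozenset(m.group(2).split()),
        "comm": field(line, "comm"),
        "stype": context_type(field(line, "scontext")),
        "ttype": context_type(field(line, "tcontext")),
        "tclass": field(line, "tclass"),
        # permissive=1: the policy would deny, but the access was allowed to proceed
        "enforced": field(line, "permissive") != "1",
    }


def summarize_denials(log_text):
    """Count denials keyed by (source type, target type, object class, enforced?)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["decision"] == "denied":
            counts[(rec["stype"], rec["ttype"], rec["tclass"], rec["enforced"])] += 1
    return counts


def report(log_text):
    """Summary lines, most frequent first; accesses allowed under permissive mode are flagged."""
    lines = []
    for (stype, ttype, tclass, enforced), n in summarize_denials(log_text).most_common():
        tag = "BLOCKED" if enforced else "ALLOWED-IN-PERMISSIVE"
        lines.append(f"{n:3d}  {stype} -> {ttype} ({tclass})  {tag}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_AUDIT_LOG)))
```

Grouping by the type pair rather than by raw line is what makes the output reviewable: the same confined domain repeatedly reaching for files outside its normal working set (here the web server domain and a home-directory SSH key type) stands out as a single line with a count, which is the "deviation from normal behaviour" that the earlier paragraph says SELinux can bound but not detect on its own.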
The benefits of this free utility need to be weighed against the effort to implement, maintain, troubleshoot and tune for performance.
Unfortunately, a poorly understood security tool can become a burden. The two big questions most people ask when it comes to SELinux are: What additional value comes from augmenting SELinux capabilities, taking performance overhead into consideration? Is SELinux really needed when other third-party tools can provide more comprehensive security coverage? While SELinux provides granular control over which processes can use which system resources, the risks of attackers exploiting legitimate processes and the inability to protect against kernel vulnerabilities still exist.
Organizations that have security and compliance needs should evaluate other tools to assess their need to augment or replace SELinux.

SELinux — a boon or bane?

SELinux gives you a more secure system through a more secure kernel, in large part due to a MAC implementation.
SELinux does a good job at exposing the sheer complexity of an entire Linux system. An interesting aspect of security is the question "what's it doing?" If you are running a web server and it has just been staying up, then you might not know a couple of exploits were even tried against your system. As for private companies, I don't know. If they need the integrity that SELinux brings to the table, then they should. As for Government, there are public sources listing government projects and the like that seem to point to MAC being used, and possibly quite heavily.
Government systems, depending on deployment and what information a system holds, have to meet certain criteria before being used. In the end security is really risk management and choosing the right level of effort.
Also, security is an ongoing effort, not something you merely turn on.

Why do we need SELinux?

When an application or process, known as a subject, makes a request to access an object, like a file, SELinux checks with an access vector cache (AVC), where permissions are cached for subjects and objects. If SELinux is unable to make a decision about access based on the cached permissions, it sends the request to the security server.
The security server checks the security context of the app or process and of the file. Security context is applied from the SELinux policy database. Permission is then granted or denied. There are a number of ways that you can configure SELinux to protect your system. The most common are targeted policy or multi-level security (MLS). Targeted policy is the default option and covers a range of processes, tasks, and services. MLS can be very complicated and is typically only used by government organizations.
The SELinux configuration file has a section that shows you whether SELinux is in permissive mode, enforcing mode, or disabled, and which policy is supposed to be loaded.
SELinux works as a labeling system, which means that all of the files, processes, and ports in a system have an SELinux label associated with them. Labels are a logical way of grouping things together. The kernel manages the labels during boot. Labels are in the format user:role:type:level (level is optional). Label type is the most important for targeted policy. SELinux uses type enforcement to enforce a policy that is defined on the system. Type enforcement is the part of an SELinux policy that defines whether a process running with a certain type can access a file labeled with a certain type.
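The subject-to-AVC-to-security-server flow described a few paragraphs earlier and the type-enforcement decision described just above fit together in a small model. The following is an added example, not code from the original article and not the kernel's implementation: it parses user:role:type[:level] labels, answers access requests from a cache keyed on the type pair and object class, and consults a toy "security server" built from allow rules only on a cache miss. It models type enforcement only (no role, user or MLS constraints), which is the part the text singles out for targeted policy. The allow rules and the requests are constructed for the example; the type names are real reference-policy names, but the rule set is made up.

```python
from collections import namedtuple

Context = namedtuple("Context", "user role type level")
AllowRule = namedtuple("AllowRule", "source target tclass perms")


def parse_context(label):
    """Parse user:role:type[:level].

    maxsplit=3 keeps MLS ranges such as s0-s0:c0.c1023, which themselves
    contain colons, intact as the level field instead of splitting them.
    """
    parts = label.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"malformed SELinux label: {label!r}")
    if len(parts) == 3:
        parts.append(None)          # level is optional
    return Context(*parts)


class SecurityServer:
    """Computes the allowed permission set from type-enforcement allow rules.

    Default is deny: with no matching rule, nothing is permitted.
    """

    def __init__(self, rules):
        self.rules = list(rules)
        self.queries = 0            # how often the AVC had to ask us

    def compute_av(self, stype, ttype, tclass):
        self.queries += 1
        allowed = set()
        for r in self.rules:
            if r.source == stype and r.target == ttype and r.tclass == tclass:
                allowed |= r.perms
        return frozenset(allowed)


class AccessVectorCache:
    """Caches decisions per (source type, target type, class), like the AVC."""

    def __init__(self, server, enforcing=True):
        self.server = server
        self.enforcing = enforcing
        self.cache = {}
        self.denials = []           # stands in for the audit log

    def check(self, scontext, tcontext, tclass, requested):
        s, t = parse_context(scontext), parse_context(tcontext)
        key = (s.type, t.type, tclass)
        if key not in self.cache:   # AVC miss: ask the security server
            self.cache[key] = self.server.compute_av(*key)
        denied = frozenset(requested) - self.cache[key]
        if denied:
            self.denials.append({"scontext": scontext, "tcontext": tcontext,
                                 "tclass": tclass, "denied": denied,
                                 "permissive": not self.enforcing})
            return not self.enforcing   # permissive mode logs but allows
        return True

    def reset(self):
        """Flush cached decisions, as happens after a policy (re)load."""
        self.cache.clear()


# Constructed toy policy: the web server domain may read its own content and
# bind its port, and nothing else. Not a real policy module.
TOY_POLICY = [
    AllowRule("httpd_t", "httpd_sys_content_t", "file",
              frozenset({"read", "getattr", "open"})),
    AllowRule("httpd_t", "http_port_t", "tcp_socket", frozenset({"name_bind"})),
]


def demo():
    """Run four constructed requests through the model and return the outcomes."""
    server = SecurityServer(TOY_POLICY)
    avc = AccessVectorCache(server, enforcing=True)
    web = "system_u:system_r:httpd_t:s0"
    results = [
        avc.check(web, "system_u:object_r:httpd_sys_content_t:s0", "file", {"read", "open"}),
        avc.check(web, "system_u:object_r:httpd_sys_content_t:s0", "file", {"write"}),
        avc.check(web, "unconfined_u:object_r:ssh_home_t:s0", "file", {"read"}),
        # same type pair as the first request, only the MLS level differs: cache hit
        avc.check(web, "system_u:object_r:httpd_sys_content_t:s0-s0:c0.c1023", "file", {"read"}),
    ]
    return results, server.queries, avc.denials


if __name__ == "__main__":
    results, queries, denials = demo()
    print("decisions:", results)
    print("security server consulted:", queries, "times for", len(results), "requests")
    for d in denials:
        print("denied", sorted(d["denied"]), d["scontext"], "->", d["tcontext"])
```

Two things the model makes visible: the decision depends only on the type pair and class, so four requests cost the security server two lookups, and a denial in permissive mode is recorded exactly like an enforced one but the access still succeeds, which is why permissive-mode logs deserve attention rather than being read as "blocked".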
You can force the system to automatically relabel the filesystem by creating an empty file named. If the system has too many errors, you should reboot while in permissive mode in order for the boot to succeed.
If a sysadmin is less familiar with the command line, there are graphical tools available that can be used to manage SELinux. SELinux provides an additional layer of security for your system that is built into Linux distributions.