Thread: Noob questions about selinux

  1. #1
    Junior Member
    Join Date
    Mar 2008
    Posts
    6

    Noob questions about selinux

    First a short introduction, then for the questions:
    Hi, I am fairly new to Linux. I started with Slackware 12 just after it came out. I have an understanding of basic bash commands. I just successfully compiled and installed the 2.6.24 kernel for the first time.

    Why I am here: I like playing with computers. I've always had Windows until this last year. I thought I would try Linux and started with Knoppix. I found irongeek and he got me interested in security. I later set up a dual boot XP/Slackware. Prior to that I knew nothing about security. I had Windows firewall and AV. I thought that was all I needed. Well, I downloaded and tried ettercap. One day I left ettercap running and walked away for some time. Hours later I discovered two other people's names and passwords. Two other people had been on my home network. I had no idea for how long or what they saw. I had file sharing on with sensitive info I had backed up on my wife's computer through our network. I was quite alarmed and immediately turned off the wireless part of the router. It was through that experience I decided I had better learn more about security. I started with installing the Shorewall firewall with all ingress turned off. I have done numerous tests to see what ports are open and how to close them.

    Now that I have introduced myself, on to my questions.
    I was considering recompiling my kernel with SELinux. I thought that would be easier since I don't know how to patch my kernel with SELinux. I wanted a little feedback from people who use SELinux and whether it is right for me. I started reading the papers on SELinux from the NSA and Red Hat, and it seems quite exhaustive and a lot to learn, including lots of acronyms and new terms.

    OK, OK, enough rambling; now for the questions:
    1. I have a family network of three computers; should I be using SELinux? Or is it more geared towards the corporate structure?

    2. I was a little fearful that if I recompile my kernel with SELinux it will mess up my system. There does not seem to be much support for installing it on Slackware.

    3. Is it very intrusive and inhibiting? Will I have to change SELinux every time I install from source?

    4. What is PAM? I read two forums where they want SELinux but without PAM.

    5. Since SELinux looks at every object (file), will I need to spend quite a bit of time setting it up to enable everything I am currently using as a user? In other words, will I run into lots of problems with lots of objects disabled?

    The reason I am a little unsure about it and maybe my fears are for nothing, is because I don't want to mess up my system. I don't want to have to spend time reinstalling everything again.

    Thanks
    C

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi, and welcome to AO,

    I have moved your thread into the Linux/Unix forum as I think you might get a better response there

  3. #3
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    Well written post - it's a pleasure to try to answer your questions.


    In short:


    1) You don't need selinux. It's geared towards environments with
    the need for mandatory access controls[1].

    2) If you really want to play with selinux, there is excellent support
    with Fedora Core (and others, I guess).

    3) I don't know, but probably.

    4) PAM can be run with selinux, but needs a specific module (pam_selinux.so).
    PAM and selinux are orthogonal (see below)!

    5) Yes.




    More lengthy answer:


    Selinux provides mandatory access control to an operating system.
    Windows and *nix usually come with discretionary access control[2],
    which perfectly suits the requirements of most installations.


    Supporting MAC in your environment is like breaking a butterfly on a wheel.
    I did set up selinux on a bastion host[3] - compartmentalization of applications
    makes perfect sense, but really is work. Here, however, I recommend the
    usual linux-hardening steps ("How to secure harden Slackware filetype:pdf").


    I want to mention that the selinux-kernel extension does not provide a
    reference monitor[4] to the operating system (I read that one somewhere).
    selinux-enforcement can be disabled (setenforce 0) and thus
    does not fulfill the definition of a reference monitor.


    PAM[5] is a mechanism to integrate multiple authentication schemes
    into some public interface that can be used by developers in order to
    simplify the implementation of their authentication functionality.
    In order to run PAM with selinux, you need a specific module (pam_selinux.so),
    which comes with Fedora Core out-of-the-box. Actually, this is a good
    opportunity to refer to triple-A[6].



    I just found this tutorial[7]. Skimming through it, it makes a good
    impression.

    /edit:
    Just a recommendation: If you like to play around with computers,
    consider installing VMWare Server (works perfectly with Windows XP).
    It's free and allows running virtual computers.


    Cheers


    [1] http://en.wikipedia.org/wiki/Mandatory_access_control
    [2] http://en.wikipedia.org/wiki/Discret...access_control
    [3] http://antionline.com/showthread.php?t=270999
    [4] http://en.wikipedia.org/wiki/Reference_monitor
    [5] http://en.wikipedia.org/wiki/Pluggab...cation_Modules
    [6] http://en.wikipedia.org/wiki/AAA_protocol
    [7] http://linux.0ms.eu/?p=13237
    Last edited by sec_ware; March 4th, 2008 at 02:29 PM.
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
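    The answer above makes two practical points for a first-time SELinux user: enforcement is a runtime switch (setenforce 0 turns it off, which is why it is not a true reference monitor), and under a policy most of the work is finding out what gets denied. The script below is an added example and is not from this thread or from the SELinux project; it interprets the value of the enforce file and summarises AVC denial lines from the audit log, which is what question 5 ("will I run into lots of problems with lots of objects disabled?") boils down to in practice. The audit lines are constructed for the example, and the path of the enforce file is an assumption (it is /selinux/enforce on 2.6.24-era kernels and /sys/fs/selinux/enforce on newer ones).

```shell
#!/bin/sh
# Added example: triage SELinux state and AVC denials from audit log lines.
# Live equivalents on a SELinux host: getenforce; grep 'avc: ' /var/log/audit/audit.log

# Constructed sample audit.log lines (not captured from a real host).
SAMPLE_AUDIT='type=AVC msg=audit(1204652345.123:45): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev=sda1 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1204652346.456:46): avc:  denied  { write } for  pid=1234 comm="httpd" name="index.html" dev=sda1 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1204652347.789:47): avc:  denied  { name_bind } for  pid=2222 comm="asterisk" src=5060 scontext=system_u:system_r:asterisk_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1204652347.789:47): arch=40000003 syscall=102 success=no exit=-13'

# Map the contents of the enforce file (0 or 1) to a mode name; anything else
# (file missing, unreadable) is treated as "disabled", i.e. no MAC at all.
enforce_mode() {
    case "$1" in
        1) echo enforcing ;;   # denials are blocked AND logged
        0) echo permissive ;;  # denials are only logged (what setenforce 0 gives you)
        *) echo disabled ;;
    esac
}

# Read the current mode from the enforce file (path is an assumption; override via $1).
current_mode() {
    f="${1:-/sys/fs/selinux/enforce}"
    if [ -r "$f" ]; then enforce_mode "$(cat "$f")"; else enforce_mode none; fi
}

# Reads audit lines on stdin; prints one line per denial:
#   <source domain> <target type> <object class> <permissions, comma separated>
avc_denials() {
    awk '/avc: +denied/ {
        s = index($0, "{"); e = index($0, "}")
        perms = substr($0, s + 1, e - s - 1)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        src = ""; tgt = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }  # user:role:TYPE:level
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        print src, tgt, cls, perms
    }'
}

# How many denials each confined domain produced: a quick view of which
# programs would break first when switching to enforcing mode.
denials_by_domain() {
    avc_denials | awk '{ c[$1]++ } END { for (d in c) print d, c[d] }' | sort
}

# Demo on the constructed sample (prints 3 denial lines, then per-domain counts).
printf '%s\n' "$SAMPLE_AUDIT" | avc_denials
printf '%s\n' "$SAMPLE_AUDIT" | denials_by_domain
```

    Run it with the live log by replacing the printf with `cat /var/log/audit/audit.log | avc_denials`. The per-domain count is the thing to look at in permissive mode before flipping to enforcing: a domain with many denials means either a mislabelled object or a program the distribution's policy never covered, which is the "policy for every program" cost raised later in the thread.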

  4. #4
    Senior Member isildur's Avatar
    Join Date
    Feb 2003
    Posts
    166
    In response to your fears about what was found by ettercap, I would say you really just need to adjust your router settings. I assume you have wireless turned on with no encryption or key set. As you have discovered this is a mistake. I assume someone was just using your free wifi and it is probably unlikely that anyone actually got on your Slack system. I would check the services you have turned on to make sure nothing is on that shouldn't be. If it is, turn it off. Check the accounts have secure passwords.

    On PAM, I would point out that Slack does not use it and Patrick Volkerding is not likely to add it until some security concerns are corrected. There are some tutorials on adding it; actually, if you add Dropline GNOME, it will install PAM (or it used to, I have not used it in a few years).
    Only trust Pipe-smoking Penguins.

  5. #5
    Junior Member
    Join Date
    Mar 2008
    Posts
    6
    sec_ware,
    Thanks for the info. I bet you spent a lot of time putting this together.
    According to your last link [7] it seems that under SELinux you have to set up a policy for every program. The example was the Asterisk daemon in the blog. That would take an extensive amount of time.
    > Here, however, I recommend the
    > usual linux-hardening steps ("How to secure harden Slackware filetype")
    Where can I download the PDF doc?
    I googled "How to secure harden Slackware" but I don't think I found what you were specifically referring to. Could you link to it?

    > I assume you have wireless turned on with no encryption or key set. As you have discovered this is a mistake.
    I turned off the wireless settings on my router. And yes, I had no encryption. That was before I knew better.

    Thanks guys.

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    > I bet you spent alot of time putting this together.
    That's the way I write posts usually. There should be
    some content, even if I do not exactly target the request
    of the thread starter. I better spend 15 min on something
    than 5 times 2 min on nothing...

    > Where can I download the pdf doc?
    I was specifically referring to a document here[1], however
    it does not seem to be available anymore. I am sure there
    is someone here who can provide you with a good reference.
    Check also the security tutorial here on this site.
    You may start a new thread if your question about how to
    harden a linux system has not been answered yet.


    isildur mentioned a couple of good points. In order to
    see what "the guys outside" see, you may scan your PC
    from outside[2], and close open ports by stopping unnecessary
    services[3] (netstat, ...).


    Cheers


    [1] http://www.infoanarchy.org/en/Slackware
    [2] http://security.symantec.com, http://www.grc.com/intro.htm (shieldsup), http://nmap-online.com/
    [3] http://www.slackware.com/config/
    Last edited by sec_ware; March 5th, 2008 at 09:57 AM.
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
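    Both isildur (check which services are on, turn off what shouldn't be) and sec_ware (scan from outside, close ports by stopping unnecessary services, netstat) describe the same procedure. The script below is an added example, not posted by either of them: it turns `netstat -tuln` output into a list of listening sockets, separates the ones bound to every interface (what an external scan such as shieldsup would see if the firewall let it through) from the ones bound only to localhost, and lists which Slackware rc.d scripts are enabled. The netstat output is constructed for the example; the function that inspects rc.d relies on the Slackware convention that a service starts at boot only if its /etc/rc.d/rc.<name> script is executable.

```shell
#!/bin/sh
# Added example: what is listening, what is reachable from the network, and
# which Slackware services are enabled. Live input: netstat -tuln (add -p as
# root to see the owning program).

# Constructed sample of `netstat -tuln` output (not from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*'

# Reads netstat output on stdin; prints "<proto> <port> <bind>" per socket,
# where bind is "all" for 0.0.0.0 / :: (reachable from the LAN or beyond)
# and "local" for anything else (loopback only).
listeners() {
    awk '$1 ~ /^(tcp|udp)6?$/ {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        bind = (addr == "0.0.0.0" || addr == "::") ? "all" : "local"
        print $1, port, bind
    }'
}

# Only the network-reachable sockets: the list to compare against an outside
# scan and to shrink by stopping services you do not actually need.
exposed() {
    listeners | awk '$3 == "all" { print $1, $2 }'
}

# Slackware convention: rc.M starts /etc/rc.d/rc.<name> only when it is
# executable, so "chmod -x" disables a service. List the enabled ones.
# Pass a directory to inspect something other than /etc/rc.d.
enabled_rc_services() {
    for f in "${1:-/etc/rc.d}"/rc.*; do
        [ -x "$f" ] && echo "${f##*/rc.}"
    done
    return 0
}

# Demo on the constructed sample.
echo "listening:";  printf '%s\n' "$SAMPLE_NETSTAT" | listeners
echo "exposed:";    printf '%s\n' "$SAMPLE_NETSTAT" | exposed
```

    In the sample, the mailer on 127.0.0.1:25 is fine, but portmap (111) and an X server accepting TCP connections (6000) are exposed; on Slackware those would go away with `chmod -x /etc/rc.d/rc.rpc` and starting X with `-nolisten tcp`. Re-run the external scan after each change to confirm the port really closed rather than just being filtered.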

  7. #7
    Senior Member isildur's Avatar
    Join Date
    Feb 2003
    Posts
    166
    Here is another Slack specific site that has a section on security in addition to a lot of other good information.
    http://www.slackbook.org/
    Only trust Pipe-smoking Penguins.

  8. #8
    Junior Member
    Join Date
    Mar 2008
    Posts
    6
    I appreciate the help.
    I will chew on this for a while and let you know what Ive done.
    I started with [1] http://www.infoanarchy.org/en/Slackware
    There are some links there on hardening slack

    Thanks again

  9. #9
    Junior Member
    Join Date
    Mar 2008
    Posts
    6
    I found what seems to be a great link on hardening slackware 10.
    Perhaps this is the link sec_ware was referring to:
    http://transamrit.net/docs/sysHarden...ening-10.2.txt

  10. #10
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    Quote Originally Posted by crusader100
    > I found what seems to be a great link on hardening slackware 10.
    > Perhaps this is the link sec_ware was referring to:
    > http://transamrit.net/docs/sysHarden...ening-10.2.txt
    Although SELinux does not provide a true reference monitor, it does give some advantages when used to compartmentalize the system. In some cases, it can remove a path to root without removing root privileges. Unfortunately, as was mentioned, it is a module on a monolithic kernel, which certainly does not give the security of a reference monitor on a microkernel.
    Real security doesn't come with an installer.
