In today's lesson we're going to talk about SELinux: what SELinux is, why we don't just turn it off, and how it provides least privilege.

First, the problems with traditional Discretionary Access Control, or DAC. We actually have a few problems with it. The first one is that administrators cannot control what every user does. If a user wants to set permissions on their own software or on their own files, they can do that, no problem. File permissions and ACLs can't protect you against everything in that case, because read, write and execute, all of those ACLs, can be managed by the individual users. Processes can also change the permissions of files or of other processes, which may give them elevated privileges. Compromised software may also have access to change permissions within the operating system. So if you have a compromised SSH process, for example, it might do other things to other parts of the system.

SELinux was first designed by the National Security Agency. It stands for Security-Enhanced Linux, and it's Linux's answer to Mandatory Access Control, or what we call MAC. So DAC stands for Discretionary Access Control, and MAC stands for Mandatory Access Control. It's built into the Linux kernel as of version 2.6. Primarily it's used on Red Hat type distributions, but it can be implemented on other Linux distributions as well. Later versions of Red Hat, such as CentOS, already have it installed and turned on in enforcing mode.

SELinux breakdown. It's denied by default; that is what Mandatory Access Control means. Mandatory Access Control says I'm going to deny anything that I don't know about, and that provides least privilege. So if we change a file, for example, and we modify the ACL on that file, we're still only allowed to do what SELinux allows us to do, essentially. Another benefit of SELinux is that we log everything.

Every change, every allow is recorded, and we have great troubleshooting tools within SELinux to figure out what's going on and who has access to what. We can only allow one exception at a time as well. So whenever we make a file change, we have to tell SELinux about it, or if it's not allowed, we have to tell SELinux to look at that file again.

We have three different modes with SELinux. The first one is enforcing, and that one implements Mandatory Access Control on the entire machine: users cannot bypass it, everything is logged, and everything is denied by default. The next one is permissive mode. Permissive mode says allow everything, but log and audit it as well. And the third one is disabled. We don't want to set this at all. We want to make sure that we have at least something that says here's what is being accessed, here's what people are doing to the system, so don't disable SELinux if it's turned on.

Types of enforcement. There are four different types of enforcement with SELinux. The primary control is type-based enforcement, using targeted policies. Next is Role-Based Access Control, and that's based on users. So if a user belongs to a certain group, let's say they belong to a confidential group, users of that group may be allowed to access certain items marked confidential. The next is Multi-Level Security, and finally Multi-Category Security. These two types of enforcement aren't used as much, but they provide additional ways to enforce Mandatory Access Control on processes and files. They are also used in the targeted policy.

The features and benefits of SELinux are numerous, but more specifically, three things. First, the policies are separate from the enforcement. Second, we have great logging enabled, which means that we can understand what users are doing and we can act on enforcement if it's too rigid. Also, we have great troubleshooting tools that allow us to see what's going on, what's allowed and what's not allowed. Third, it controls much of the OS: SELinux can manage processes, it can manage files, it can really take control of a system and lock it down to the degree we need systems locked down. Think about a bank, for example, running a web server that needs a certain level of access to certain things. What if an attacker breaks into that server? Mandatory Access Control can limit the data breach that may happen.

The problems with SELinux are also well known. Mandatory Access Control takes time to implement. If you're making many modifications to the operating system, like adding files or adding processes, SELinux takes time, and you have to allow for all of those exceptions to be made. It is complex. There's a book on SELinux that's about that thick, a 400 page book, that says here are all the contexts we need to think about and change if we're going to be modifying different parts of the operating system. If you make a change to any part of the file system, you still have to make sure that SELinux knows about it, because it's Mandatory Access Control: if we don't set permissions on a file or a process, it's not going to be allowed.

Typical usage: we've seen this on web servers, we see it on file servers. It's baked into all the newer Red Hat type distributions to provide Mandatory Access Control to anybody, without installing any extra packages.

In conclusion, SELinux is a very powerful tool, but we need to use it with care, because it does lock the system down to the degree that high-security systems need. However, it is complex.
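The lesson leans on two points that are easiest to see in the audit log: denials are logged with the source and target types, and permissive mode lets the action through but still records it. As an added example (not part of the lesson), here is a small POSIX-shell parser over two constructed AVC records; the process names, pids, inode and timestamps are made up, but the record layout is the real audit.log format.

```shell
# Constructed sample of two AVC records in audit.log format (pids, inode and
# timestamps made up): httpd reading a home-dir file under enforcing mode, and
# httpd connecting to a database port under permissive mode.
AVC_SAMPLE='type=AVC msg=audit(1700000000.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="sda1" ino=99999 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.456:457): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1'

# avc_field LINE KEY: value of the key=value token named KEY, quotes stripped
avc_field() {
    printf '%s\n' "$1" | awk -v key="$2" '{
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n && substr($i, 1, n - 1) == key) {
                v = substr($i, n + 1); gsub(/"/, "", v); print v; exit
            }
        }
    }'
}

# avc_perms LINE: comma-joined permissions listed inside the { ... } braces
avc_perms() {
    printf '%s\n' "$1" | awk '{
        out = ""; inb = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "}") break
            if (inb) out = out (out == "" ? "" : ",") $i
            if ($i == "{") inb = 1
        }
        print out
    }'
}

# avc_report: reads audit lines on stdin and prints one summary per denial.
# The third field of a context is the type (httpd_t, user_home_t, ...), which
# is what type enforcement decides on; permissive=1 means it was not blocked.
avc_report() {
    while IFS= read -r line; do
        case "$line" in *'avc:'*'denied'*) ;; *) continue ;; esac
        mode='enforcing: blocked'
        if [ "$(avc_field "$line" permissive)" = 1 ]; then
            mode='permissive: allowed but logged'
        fi
        printf '%s(%s) denied %s on %s labelled %s [%s]\n' \
            "$(avc_field "$line" comm)" \
            "$(avc_field "$line" scontext | cut -d: -f3)" \
            "$(avc_perms "$line")" \
            "$(avc_field "$line" tclass)" \
            "$(avc_field "$line" tcontext | cut -d: -f3)" \
            "$mode"
    done
}

# On a real host the same records come from: ausearch -m AVC -ts recent
printf '%s\n' "$AVC_SAMPLE" | avc_report
```

The first record is the classic mislabelled-file case the lesson warns about (content that SELinux does not know about), which is fixed by relabelling rather than by disabling SELinux.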