Security, SELinux Flashcards

1
Q

Why is complete security in computer systems unattainable?

A
  • the complexity of modern computing systems (hardware, software and the people who build and operate them) means flaws are inevitable
  • those flaws, whether hardware bugs, software bugs or human error, become vulnerabilities
  • attackers keep finding new attack vectors, so defenders can only reduce risk, never eliminate it
2
Q

What is the patch cycle?

A
  • 3 stages (4 if discovery and publication are counted separately)
  • a vulnerability is discovered and reported to the vendor or published
  • the vendor's team prepares and publishes a security patch
  • the users install the patched software
3
Q

Why do security researchers publish vulnerabilities?

and why is patching promptly important?

A

To force vendors to fix their products: once a flaw is public, ignoring the report is no longer an option.

Prompt patching minimises damage/impact: the longer a vulnerability is known and not fixed, the more time malicious actors have to exploit it.

4
Q

What are zero-day vulnerabilities and how can we defend against zero day attacks?

A

Vulnerabilities that become known or are exploited before the vendor has a patch available (the vendor has had "zero days" to fix them). Because nothing can be installed to close them, they can be exploited in potent attacks.

  • They usually can't be prevented by patching, but the damage they do can be limited by host-based defences such as least privilege and sandboxing, so that a compromised program cannot reach the rest of the system.
5
Q

What is the Principle of Least Privilege (PoLP)?

How does it help to reduce damage?

What can it be applied to?

A
  • states that users, applications and systems should be given the minimum levels of access necessary to complete the tasks required of them.
  • helps to reduce the impact of zero-day attacks and compromised accounts, because an attacker inherits only the limited access of whatever they compromised
  • It can be applied to user rights, network connections and data access.
6
Q

What is Sandboxing?

Give a popular example:

A
  • Running programs inside contexts called sandboxes that limit their capabilities (an application of PoLP)
  • An attacker who compromises the program only gains the capabilities afforded by the sandbox
  • SELinux is a popular example: it uses Mandatory Access Control (MAC) to limit what each program can do
7
Q

What does SELinux stand for and what is it?

A

Security-Enhanced Linux is a MAC framework implemented inside the Linux kernel (as a Linux Security Module).
- it provides fine-grained sandboxing of processes to minimise the impact of a compromised service or system.

8
Q

What is Discretionary Access Control (DAC)?

A
  • Linux by default employs DAC, where a program runs with the permissions of the user executing it.
  • e.g. an admin can perform admin tasks, but regular user accounts can't.
  • permissions are set at the discretion of the object's owner: the owner of a file decides who may read, write or execute it
  • This is a security risk if a program is compromised: the attacker inherits every permission of the user who ran it
9
Q

What is Privilege Escalation?

A

Privilege escalation is when a user or a compromised program obtains more privilege than it was granted, typically moving from an ordinary user account to the administrator account.
- Within a DAC setup, privileges are divided only by root/non-root user separation.
- OSes typically provide 2 primary levels of authorisation: one for ordinary users and one for the system administrator.
- in Linux this is root and non-root, so escalating to root gives complete control of the system.

10
Q

What does this linux command do: ‘ls -l’

A

This command lists files in long format, showing their permissions, owner and group. For example, ls -l myfile.txt will display the permissions for myfile.txt: -rwxr-xr-x 1 user group 1234 Feb
Reading the line left to right: the file type (- for a regular file, d for a directory), three rwx triplets for the owner, the group and others, the link count, the owner, the group, the size in bytes, the modification date and the name.

11
Q

What does this linux command do: ‘chmod’

A

This command changes the permissions of a file or directory. For example, chmod 755 myfile.txt will set the permissions of myfile.txt to read, write, and execute for the owner, and read and execute for the group and others. chmod also accepts symbolic modes, e.g. chmod o-w myfile.txt removes write permission for others without touching the other bits.

12
Q

What does this linux command do: ‘sudo’

A

This command allows a permitted user to execute a command as the superuser (a.k.a. root user) or as another user. For example, sudo chmod 755 myfile.txt will change the permissions of myfile.txt as the superuser. Who may use sudo, and for which commands, is configured in /etc/sudoers, and each invocation is logged.

13
Q

How are file permissions represented in linux systems ?

What does 755 represent

A
  • As a 3-digit octal number; each digit represents the cumulative permissions for the owner, the owner's group and others respectively (a leading fourth digit, when present, holds the setuid, setgid and sticky bits)
  • each digit is the sum of: read (r) is 4, write (w) is 2, and execute (x) is 1.
  • Therefore, 755 represents the permissions rwxr-xr-x: rwx (4+2+1=7) for the owner, r-x (4+1=5) for the group and r-x (5) for others
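The DAC rules in the cards above (a program runs as the user who launched it; one rwx triplet each for owner, group and others; 4/2/1 weights; 755 = rwxr-xr-x) can be made concrete in code. The Python below is an added example, not code from the original flashcards: it converts between the symbolic and octal forms, parses ls -l lines, and makes the same owner/group/other decision the kernel's DAC check makes for a regular file. The sample ls -l output, user names and group names are constructed for the example.

```python
"""Toy model of Linux DAC permission bits (added example, not from the
original flashcards). Converts between the symbolic mode shown by `ls -l`
(rwxr-xr-x) and the octal form given to chmod (755), parses `ls -l` lines,
and decides whether a user may read, write or execute a regular file the
way the kernel's DAC check does. Sample data below is constructed."""

PERM_WEIGHTS = (("r", 4), ("w", 2), ("x", 1))


def symbolic_to_octal(mode):
    """'rwxr-xr-x' -> '755'; also accepts a 10-char `ls -l` mode string.
    setuid/setgid/sticky appear as s/S or t/T in the execute slot (lowercase
    means the execute bit is set too); if any is present a leading fourth
    digit is returned, e.g. 'rwsr-xr-x' -> '4755'."""
    if len(mode) == 10:
        mode = mode[1:]  # drop the file-type character
    if len(mode) != 9:
        raise ValueError(f"expected 9 permission characters, got {mode!r}")
    special, digits = 0, []
    for cls in range(3):  # 0 = owner, 1 = group, 2 = others
        value = 0
        for ch, (expect, weight) in zip(mode[cls * 3:cls * 3 + 3], PERM_WEIGHTS):
            if ch == expect:
                value += weight
            elif expect == "x" and ch in "sStT":
                special += (4, 2, 1)[cls]  # setuid, setgid, sticky
                value += 1 if ch.islower() else 0
            elif ch != "-":
                raise ValueError(f"unexpected character {ch!r} in {mode!r}")
        digits.append(str(value))
    octal = "".join(digits)
    return f"{special}{octal}" if special else octal


def octal_to_symbolic(octal):
    """'755' -> 'rwxr-xr-x'; a 4-digit form such as '4755' -> 'rwsr-xr-x'."""
    if len(octal) == 3:
        octal = "0" + octal
    if len(octal) != 4 or not all(d in "01234567" for d in octal):
        raise ValueError(f"bad octal mode {octal!r}")
    special, *classes = (int(d) for d in octal)
    out = ["".join(ch if digit & weight else "-" for ch, weight in PERM_WEIGHTS)
           for digit in classes]
    for bit, cls, letter in ((4, 0, "s"), (2, 1, "s"), (1, 2, "t")):
        if special & bit:  # overlay the special bit on that class's x slot
            has_x = out[cls][2] == "x"
            out[cls] = out[cls][:2] + (letter if has_x else letter.upper())
    return "".join(out)


def parse_ls_output(text):
    """Parse `ls -l` lines into dicts; skips blank lines and the 'total' line."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("total "):
            continue
        fields = line.split(None, 8)  # the name is last and may contain spaces
        if len(fields) != 9:
            raise ValueError(f"not an ls -l line: {line!r}")
        mode, _links, owner, group, size, _month, _day, _time, name = fields
        entries.append({"type": mode[0], "perms": mode[1:],
                        "octal": symbolic_to_octal(mode), "owner": owner,
                        "group": group, "size": int(size), "name": name})
    return entries


def dac_allows(entry, user, groups, want):
    """DAC decision for a regular file; `want` is 'r', 'w' or 'x'.
    Exactly one class applies: owner if the user owns the file, else group
    if any of the user's groups match, else other. The classes are not
    cumulative, so an owner with mode ---rwxrwx gets nothing. 'root'
    models CAP_DAC_OVERRIDE: read/write always succeed, execute only if at
    least one execute bit is set somewhere in the mode."""
    perms = entry["perms"]
    if user == "root":
        return True if want in ("r", "w") else any(c in "xst" for c in perms)
    if user == entry["owner"]:
        cls = perms[0:3]
    elif entry["group"] in groups:
        cls = perms[3:6]
    else:
        cls = perms[6:9]
    slot = "rwx".index(want)
    return cls[slot] == want or (slot == 2 and cls[slot] in "st")


def audit_entry(entry):
    """Flags the DAC settings a reviewer checks first."""
    findings, perms = [], entry["perms"]
    if perms[7] == "w":
        findings.append("world-writable")
    if perms[2] in "sS":
        findings.append("setuid")
    if perms[5] in "sS":
        findings.append("setgid")
    return findings


# Constructed `ls -l` output (hypothetical users alice/bob, group devs).
SAMPLE_LS = """\
total 3
-rwxr-xr-x 1 alice devs  1234 Feb  3 10:00 myfile.txt
-rwsr-xr-x 1 root  root 68208 Feb  3 10:00 passwd_tool
-rw-rw-rw- 1 bob   devs    42 Feb  3 10:00 notes.txt
"""

if __name__ == "__main__":
    for e in parse_ls_output(SAMPLE_LS):
        print(e["name"], e["octal"], audit_entry(e),
              "bob can write:", dac_allows(e, "bob", {"devs"}, "w"))
```

Note that the decision picks one class and stops: bob, who is in the devs group, is checked against the group triplet of myfile.txt and cannot write even though the owner can, while the world-writable notes.txt is writable by everyone, which is exactly what the audit helper flags.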
14
Q

What is Mandatory Access Control (MAC)?

How is MAC achieved using RHEL:

A

A type of access control where the OS constrains the ability of a subject (a process) to access or perform operations on an object (a file, directory, port, etc.).
- users don't control the access rules for their own files; the policy is set centrally by the admin and is enforced in addition to, not instead of, the DAC permissions.

  • RHEL uses SELinux to achieve MAC
15
Q

Describe the SELinux labelling system:

A
  • Every process and every file/directory object in the OS has a label (a security context of the form user:role:type:level)
  • network ports, devices and host names may also have labels
  • Rules are written to control the access of a process label to an object label. These rules are collectively known as the policy.
  • the kernel enforces these rules on every access attempt
16
Q

What are the SELinux 3 modes?

A

*In Enforcing mode, SELinux policy is enforced: denied accesses are blocked and logged (as AVC messages in the audit log)
*In Permissive mode, SELinux policy isn't enforced: denied accesses are allowed to proceed but are still logged, which is how a new or changed policy is tested
*In Disabled mode, SELinux is off: nothing is checked or logged, and new files are not labelled
(getenforce shows the current mode; setenforce 1 / setenforce 0 switches between Enforcing and Permissive at runtime)

17
Q

What is type enforcement in SELinux?

A
  • the primary model of enforcement: every process is labelled with a type (its domain) and every object is labelled with a type
  • everything is denied by default; a process can only access an object if the policy contains an allow rule for that pair of types (together with the object class and the permission requested)
18
Q

Give a example of type enforcement in SELinux, using cats, dogs and cat_chow and dog_chow:

A
  • cat and dog are two process types
  • cat_chow and dog_chow (types of food) are the types of the objects the processes want to interact with; food is the object class and eat the permission
  • an SELinux policy rule states that a dog has permission to eat dog_chow and a cat has permission to eat cat_chow.
  • written as:
    allow cat cat_chow : food eat;
    allow dog dog_chow : food eat;
  • if the dog process tries to eat cat_chow, it is denied, because no allow rule exists for that pair of types.
19
Q

What is Multi-Category Security Enforcement?

Use the example of multiple dog processes Fido and Spot. We want to prevent Fido from accessing Spot’s dog_chow (object)

A
  • we could create new types e.g. fido_dog and fido_dog_chow but this isn't scalable
  • instead we use MCS: we add another section (a category) to the label that can be applied to the dog processes and the dog_chow objects.
  • updating the labels to be: dog:random1 (Fido), dog:random2 (Spot)
  • then update the objects with the same categories: dog_chow:random1 (Fido's) and dog_chow:random2 (Spot's)
  • SELinux policy states that access is only allowed if the MCS categories match (the process's categories must include the object's); in real labels these are categories such as c1,c2, which is how container runtimes separate containers from each other
  • so Fido (dog:random1) attempting to eat Spot's dog_chow:random2 is denied by MCS, even though type enforcement allows dog to eat dog_chow; Fido attempting to eat cat_chow is still denied by type enforcement, which is checked first.
20
Q

What is multi-level security?

Use the example of different dog breeds Greyhound and a Chihuahua, where greyhound dominates the chihuahua breed

A
  • another SELinux measure used to control processes based on the sensitivity level of the data they use.
  • e.g. a process with 'secret' clearance cannot read 'top-secret' data; a higher level dominates a lower one, so the process may only read data at or below its own level
  • instead of differentiating between different dogs, use different breeds
  • can label the Greyhound as dog:Greyhound and its food as dog_chow:Greyhound and the Chihuahua can be labelled as dog:Chihuahua and its food as dog_chow:Chihuahua.
  • the dog:Greyhound label dominates the dog:Chihuahua label, meaning a process with the dog:Greyhound label is allowed to access both dog_chow:Greyhound and dog_chow:Chihuahua.
  • the dog:Greyhound and dog:Chihuahua are still prevented from accessing cat_chow:Siamese due to type enforcement. This is true even if the MLS type Greyhound dominates Siamese.
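The cards on modes, type enforcement, MCS and MLS describe a layered decision: type enforcement first, then MCS, then MLS, with the mode deciding whether a denial is blocked or only logged. The Python below is an added toy model of that decision, not code from the original flashcards or from the SELinux project. It uses the cards' dog/cat labels; the breed ordering, category names and policy text are constructed, and labels are simplified to type:level:categories rather than the real user:role:type:level context.

```python
"""Toy SELinux-style access decision engine (added example, not from the
original flashcards or the SELinux project). Three checks in order:
  1. type enforcement: allowed only if an explicit
     `allow source target : class perm;` rule exists (default deny);
  2. MCS: the subject's category set must contain the object's categories;
  3. MLS: the subject's sensitivity level must dominate the object's.
Modes: enforcing blocks and logs, permissive logs but allows, disabled
neither checks nor logs. LEVEL_RANK and RULES are constructed."""

from dataclasses import dataclass

# Constructed MLS ordering: Greyhound dominates Chihuahua and Siamese.
LEVEL_RANK = {"Chihuahua": 0, "Siamese": 0, "Greyhound": 1}


@dataclass(frozen=True)
class Label:
    type: str                            # TE type, e.g. "dog" or "dog_chow"
    level: str = "Chihuahua"             # MLS sensitivity, ordered by LEVEL_RANK
    categories: frozenset = frozenset()  # MCS categories, e.g. {"c1"}

    def __str__(self):
        cats = ",".join(sorted(self.categories)) or "-"
        return f"{self.type}:{self.level}:{cats}"


def parse_allow(rule):
    """'allow dog dog_chow : food eat;' -> ('dog', 'dog_chow', 'food', 'eat')."""
    tokens = rule.strip().rstrip(";").replace(":", " ").split()
    if len(tokens) != 5 or tokens[0] != "allow":
        raise ValueError(f"unsupported rule: {rule!r}")
    return tuple(tokens[1:])


class Policy:
    def __init__(self, rules_text, mode="enforcing"):
        if mode not in ("enforcing", "permissive", "disabled"):
            raise ValueError(f"unknown mode {mode!r}")
        self.mode = mode
        self.rules = {parse_allow(line) for line in rules_text.splitlines()
                      if line.strip()}
        self.audit = []  # stands in for AVC messages in the audit log

    def check(self, subject, obj, cls, perm):
        """True if the access proceeds, False if it is blocked."""
        if self.mode == "disabled":
            return True
        if (subject.type, obj.type, cls, perm) not in self.rules:
            reason = "type enforcement: no allow rule"
        elif not obj.categories <= subject.categories:
            reason = "MCS: subject lacks the object's categories"
        elif LEVEL_RANK[subject.level] < LEVEL_RANK[obj.level]:
            reason = "MLS: subject level does not dominate object level"
        else:
            return True
        self.audit.append(f"avc: denied {{ {perm} }} scontext={subject} "
                          f"tcontext={obj} tclass={cls} ({reason})")
        return self.mode == "permissive"  # permissive: log it, let it through


# Constructed policy in the cards' notation.
RULES = """
allow cat cat_chow : food eat;
allow dog dog_chow : food eat;
"""


def demo(mode="enforcing"):
    """Run the cards' scenarios; returns ({scenario: allowed}, audit lines)."""
    policy = Policy(RULES, mode)
    fido = Label("dog", categories=frozenset({"c1"}))
    fido_chow = Label("dog_chow", categories=frozenset({"c1"}))
    spot_chow = Label("dog_chow", categories=frozenset({"c2"}))
    greyhound = Label("dog", level="Greyhound")
    chihuahua_chow = Label("dog_chow", level="Chihuahua")
    greyhound_chow = Label("dog_chow", level="Greyhound")
    siamese_chow = Label("cat_chow", level="Siamese")
    results = {
        "fido eats own chow": policy.check(fido, fido_chow, "food", "eat"),
        "fido eats spot's chow (MCS)": policy.check(fido, spot_chow, "food", "eat"),
        "fido eats cat chow (TE)": policy.check(fido, siamese_chow, "food", "eat"),
        "greyhound eats chihuahua chow (MLS dominates)":
            policy.check(greyhound, chihuahua_chow, "food", "eat"),
        "chihuahua eats greyhound chow (MLS)":
            policy.check(fido, greyhound_chow, "food", "eat"),
        "greyhound eats siamese chow (TE wins)":
            policy.check(greyhound, siamese_chow, "food", "eat"),
    }
    return results, policy.audit


if __name__ == "__main__":
    for scenario, allowed in demo()[0].items():
        print(f"{'ALLOW' if allowed else 'DENY '}  {scenario}")
```

Running demo("permissive") returns the same audit lines but every scenario comes back allowed, which is the behaviour to expect when troubleshooting a denial with setenforce 0: the log tells you what the policy would have blocked without actually blocking it.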