Entry | Security-Enhanced Linux |
Definition |
name = SELinux
screenshot caption = SELinux administrator GUI in Fedora v8
author = NSA and Red Hat
developer = Red Hat
released = 2000-12-22[1]
latest release version = 2.9
latest release date = 2019-03-15[2]
programming language = C
operating system = Linux
genre = Security, Linux Security Modules (LSM)
license = GNU GPL
website = https://selinuxproject.org, https://nsa.gov/What-We-Do/Research/SELinux/

Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself, and streamlines the amount of software involved with security policy enforcement.[3][4] The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA).

Overview
From NSA Security-enhanced Linux Team:[5]

NSA Security-Enhanced Linux is a set of patches to the Linux kernel and utilities to provide a strong, flexible, mandatory access control (MAC) architecture into the major subsystems of the kernel.
It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering, and bypassing of application security mechanisms, to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals.

A Linux kernel integrating SELinux enforces mandatory access control policies that confine user programs and system services, as well as access to files and network resources. Limiting privilege to the minimum required to work reduces or eliminates the ability of these programs and daemons to cause harm if faulty or compromised (for example via buffer overflows or misconfigurations).

This confinement mechanism operates independently of the traditional Linux (discretionary) access control mechanisms. It has no concept of a "root" superuser, and does not share the well-known shortcomings of the traditional Linux security mechanisms, such as a dependence on setuid/setgid binaries.

The security of an "unmodified" Linux system (a system without SELinux) depends on the correctness of the kernel, of all the privileged applications, and of each of their configurations. A fault in any one of these areas may allow the compromise of the entire system. In contrast, the security of a "modified" system (based on an SELinux kernel) depends primarily on the correctness of the kernel and its security-policy configuration. While problems with the correctness or configuration of applications may allow the limited compromise of individual user programs and system daemons, they do not necessarily pose a threat to the security of other user programs and system daemons or to the security of the system as a whole.

From a purist perspective, SELinux provides a hybrid of concepts and capabilities drawn from mandatory access controls, mandatory integrity controls, role-based access control (RBAC), and type enforcement architecture.

History
The earliest work directed toward standardizing an approach providing mandatory and discretionary access controls (MAC and DAC) within a UNIX (more precisely, POSIX) computing environment can be attributed to the National Security Agency's Trusted UNIX (TRUSIX) Working Group, which met from 1987 to 1991 and published one Rainbow Book (#020A), and produced a formal model and associated evaluation evidence prototype (#020B) that was ultimately unpublished.

SELinux was designed to demonstrate the value of mandatory access controls to the Linux community and how such controls could be added to Linux. Originally, the patches that make up SELinux had to be explicitly applied to the Linux kernel source; SELinux was merged into the Linux kernel mainline in the 2.6 series of the Linux kernel.

The NSA, the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000.[6] The software was merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003. Other significant contributors include Red Hat, Network Associates, Secure Computing Corporation, Tresys Technology, and Trusted Computer Solutions. Experimental ports of the FLASK/TE implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin operating systems.

Security-Enhanced Linux implements the Flux Advanced Security Kernel (FLASK). Such a kernel contains architectural components prototyped in the Fluke operating system. These provide general support for enforcing many kinds of mandatory access control policies, including those based on the concepts of type enforcement, role-based access control, and multilevel security.
FLASK, in turn, was based on DTOS, a Mach-derived Distributed Trusted Operating System, as well as on Trusted Mach, a research project from Trusted Information Systems that had an influence on the design and implementation of DTOS.

Users, policies and security contexts
SELinux users and roles do not have to be related to the actual system users and roles. For every current user or process, SELinux assigns a three-string context consisting of a username, role, and domain (or type). This system is more flexible than normally required: as a rule, most of the real users share the same SELinux username, and all access control is managed through the third tag, the domain. The circumstances under which a process is allowed into a certain domain must be configured in the policies. The command

Files, network ports, and other hardware also have an SELinux context, consisting of a name, role (seldom used), and type. In the case of file systems, mapping between files and the security contexts is called labeling. The labeling is defined in policy files but can also be manually adjusted without changing the policies. Hardware types are quite detailed, for instance, SELinux adds the

Typical policy rules consist of explicit permissions, for example, which domains the user must possess to perform certain actions with the given target (read, execute, or, in case of network port, bind or connect), and so on. More complex mappings are also possible, involving roles and security levels.

A typical policy consists of a mapping (labeling) file, a rule file, and an interface file, which together define the domain transition. These three files must be compiled together with the SELinux tools to produce a single policy file. The resulting policy file can be loaded into the kernel to make it active. Loading and unloading policies does not require a reboot. The policy files are either hand-written or can be generated from the more user-friendly SELinux management tool.
They are normally tested in permissive mode first, where violations are logged but allowed. The

Features
SELinux features include:
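
The three-part context and explicit-permission rules described under "Users, policies and security contexts", together with permissive mode, as an added Python example that is not part of the original article. The sample rules, type names, function names and the optional fourth level field are assumptions of the example; the decision logic is a simplified model, not the kernel's implementation.

```python
import re
from dataclasses import dataclass

# Constructed sample rules in SELinux "allow" syntax; the type names are
# illustrative and do not come from the article.
SAMPLE_POLICY = """
allow httpd_t httpd_sys_content_t:file { read getattr open };
allow httpd_t http_port_t:tcp_socket name_bind;
"""
RULE_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

@dataclass(frozen=True)
class Context:
    user: str
    role: str
    type: str
    level: str = ""  # optional MLS/MCS level, e.g. "s0" or "s0-s0:c0.c1023"

def parse_context(text):
    """Split 'user:role:type[:level]'; the level may itself contain colons."""
    parts = text.split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"not a security context: {text!r}")
    return Context(*parts)

def parse_policy(text):
    """Return {(source_type, target_type, object_class): {permissions}}."""
    rules = {}
    for src, tgt, cls, braced, single in RULE_RE.findall(text):
        rules.setdefault((src, tgt, cls), set()).update((braced or single).split())
    return rules

def check_access(rules, scontext, tcontext, tclass, perm, enforcing=True):
    """Decide one access request; returns (granted, log_line_or_None).

    This model consults only the type fields, and anything without a matching
    allow rule is a violation. Permissive mode logs the violation but grants
    access. The log line is a simplified imitation of an AVC denial record.
    """
    source, target = parse_context(scontext), parse_context(tcontext)
    if perm in rules.get((source.type, target.type, tclass), ()):
        return True, None
    log = (f"avc: denied {{ {perm} }} scontext={scontext} "
           f"tcontext={tcontext} tclass={tclass} "
           f"permissive={0 if enforcing else 1}")
    return (not enforcing), log

if __name__ == "__main__":
    print(check_access(parse_policy(SAMPLE_POLICY), "system_u:system_r:httpd_t:s0",
                       "system_u:object_r:shadow_t:s0", "file", "read"))
```
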

Implementations
SELinux has been implemented in Android since version 4.3.[8]

Among free community-supported GNU/Linux distributions, Fedora was one of the earliest adopters, including support for it by default since Fedora Core 2. Other distributions include support for it, such as Debian as of the Stretch release[9] and Ubuntu as of 8.04 Hardy Heron.[10] As of version 11.1, openSUSE contains SELinux "basic enablement".[11] SUSE Linux Enterprise 11 features SELinux as a "technology preview".[12]

SELinux is popular in systems based on Linux containers, such as CoreOS Container Linux and rkt.[13] It is useful as an additional security control to help further enforce isolation between deployed containers and their host.

SELinux is available as part of Red Hat Enterprise Linux (RHEL) version 4 and all future releases. This presence is also reflected in corresponding versions of CentOS and Scientific Linux. The supported policy in RHEL4 is the targeted policy, which aims for maximum ease of use and thus is not as restrictive as it might be. Future versions of RHEL are planned to have more targets in the targeted policy, which will mean more restrictive policies.

Use scenarios
SELinux can potentially control which activities a system allows each user, process, and daemon, with very precise specifications. It is used to confine daemons such as database engines or web servers that have clearly defined data access and activity rights. This limits potential harm from a confined daemon that becomes compromised.

Command-line utilities include:[14] chcon,[15] restorecon,[16] restorecond,[17] runcon,[18] secon,[19] fixfiles,[20] setfiles,[21] load_policy,[22] booleans,[23] getsebool,[24] setsebool,[25] togglesebool,[26] selinux-config-enforcing,[27] selinuxenabled,[28] and

Examples
To put SELinux into enforcing mode:
To query the SELinux status:
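
A status check is more useful when it compares the running mode with the mode the configuration file sets for the next boot, since a runtime switch to enforcing does not change that file. The added example below (Python, not part of the original article) does this; the selinuxfs path /sys/fs/selinux/enforce, the SELINUX= key format and all function names are assumptions of the example, and kernel command-line overrides are ignored.

```python
MODES = ("enforcing", "permissive", "disabled")

# Constructed sample of /etc/selinux/config content, not taken from the article.
SAMPLE_CONFIG = """\
# SELINUX= can take one of: enforcing, permissive, disabled
SELINUX=permissive
SELINUXTYPE=targeted
"""

def configured_mode(config_text):
    """Return the SELINUX= value from the config text, or None if absent."""
    mode = None
    for line in (config_text or "").splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if line.startswith("SELINUX="):           # does not match SELINUXTYPE=
            mode = line.split("=", 1)[1].strip().lower()
    return mode

def runtime_mode(enforce_text):
    """Map the selinuxfs 'enforce' file content to a mode name."""
    if enforce_text is None:                      # selinuxfs not mounted
        return "disabled"
    return "enforcing" if enforce_text.strip() == "1" else "permissive"

def mode_report(enforce_text, config_text):
    """Compare the running mode with the mode the next boot will use."""
    now, boot = runtime_mode(enforce_text), configured_mode(config_text)
    findings = []
    if now != "enforcing":
        findings.append(f"SELinux is {now} right now")
    if boot not in MODES:
        findings.append("no valid SELINUX= setting in the config file")
    elif boot != "enforcing":
        findings.append(f"next boot is configured as {boot}")
    if boot in MODES and boot != now:
        findings.append("runtime and configured modes differ")
    return {"runtime": now, "configured": boot, "findings": findings}

def read_or_none(path):
    """Return the file content, or None when the file cannot be read."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None

if __name__ == "__main__":
    # Assumed standard locations on a current distribution.
    print(mode_report(read_or_none("/sys/fs/selinux/enforce"),
                      read_or_none("/etc/selinux/config")))
```
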

Comparison with AppArmor
SELinux represents one of several possible approaches to the problem of restricting the actions that installed software can take. Another popular alternative is called AppArmor and is available on SUSE Linux Enterprise Server (SLES), openSUSE, and Debian-based platforms. AppArmor was developed as a component to the now-defunct Immunix Linux platform. Because AppArmor and SELinux differ radically from one another, they form distinct alternatives for software control. Whereas SELinux re-invents certain concepts to provide access to a more expressive set of policy choices, AppArmor was designed to be simple by extending the same administrative semantics used for DAC up to the mandatory access control level.

There are several key differences:

Similar systems
See also: Samsung Knox

Isolation of processes can also be accomplished by mechanisms such as virtualization; the OLPC project, for example, in its first implementation[32] sandboxed individual applications in lightweight Vservers. Also, the NSA has adopted some of the SELinux concepts in Security-Enhanced Android.[33]

General Dynamics builds and distributes PitBull Trusted Computing Platform, a multilevel security enhancement for Red Hat Enterprise Linux.

References
1. "Security-enhanced Linux available at NSA site - MARC". MARC. https://marc.info/?l=linux-kernel&m=97749381725894. Retrieved 24 December 2018.
2. "SELinux userspace release 20190315 / 2.9". SELinux Project. 2019-03-15. https://github.com/SELinuxProject/selinux/releases/tag/20190315. Retrieved 2013-03-17.
3. "SELinux Frequently Asked Questions (FAQ) - NSA/CSS". National Security Agency. https://www.nsa.gov/what-we-do/research/selinux/faqs.shtml. Retrieved 2013-02-06.
4. Loscocco, Peter; Smalley, Stephen (February 2001). "Integrating Flexible Support for Security Policies into the Linux Operating System". https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/flexible-support-for-security-policies-into-linux-feb2001-report.pdf.
5. "Security-Enhanced Linux - NSA/CSS". National Security Agency. 2009-01-15. https://www.nsa.gov/what-we-do/research/selinux/. Retrieved 2013-02-06.
6. Compare "National Security Agency Shares Security Enhancements to Linux". NSA Press Release. Fort George G. Meade, Maryland: National Security Agency Central Security Service. 2001-01-02. https://www.nsa.gov/news-features/press-room/press-releases/2001/se-linux.shtml. Retrieved 2011-11-17. Quote: "The NSA is pleased to announce that it has developed, and is making available to the public, a prototype version of a security-enhanced Linux operating system."
7. Fedora Documentation Project (2010). Fedora 13 Security-Enhanced Linux User Guide. Fultus Corporation. p. 18. ISBN 978-1-59682-215-3. https://books.google.com/books?id=feDeO4IglRkC. Retrieved 2012-02-22. Quote: "SELinux decisions, such as allowing or disallowing access, are cached. This cache is known as the Access Vector Cache (AVC). Caching decisions decreases how often SELinux rules need to be checked, which increases performance."
8. "Security-Enhanced Linux in Android". Android Open Source Project. https://source.android.com/security/selinux/. Retrieved 2016-01-31.
9. "SELinux". debian.org. https://wiki.debian.org/SELinux.
10. "How To Install SELinux on Ubuntu 8.04 "Hardy Heron"". Ubuntu Tutorials. https://ubuntu-tutorials.com/2008/03/18/how-to-install-selinux-on-ubuntu-804-hardy-heron/.
11. "openSUSE News". openSUSE News. https://news.opensuse.org/2008/08/20/opensuse-to-add-selinux-basic-enablement-in-111/.
12. "Release Notes for SUSE Linux Enterprise Desktop 11". Novell. https://www.novell.com/linux/releasenotes/x86_64/SUSE-SLED/11/#02. Retrieved 2013-02-06.
13. "SELinux on CoreOS". CoreOS Docs. https://coreos.com/os/docs/latest/selinux.html.
14. "SELinux/Commands - FedoraProject". https://fedoraproject.org/wiki/SELinux/Commands. Retrieved 2015-11-25.
15. "chcon". Linuxcommand.org. http://linuxcommand.org/man_pages/chcon1.html. Archived from the original on 2004-10-24 at https://web.archive.org/web/20041024211853/http://linuxcommand.org/man_pages/chcon1.html. Retrieved 2013-02-06.
16. "restorecon(8) - Linux man page". Linux.die.net. http://linux.die.net/man/8/restorecon. Retrieved 2013-02-06.
17. "restorecond(8) - Linux man page". Linux.die.net. http://linux.die.net/man/8/restorecond. Retrieved 2013-02-06.
18. "runcon(1) - Linux man page". Linux.die.net. http://linux.die.net/man/1/runcon. Retrieved 2013-02-06.
19. "secon(1) - Linux man page". Linux.die.net. http://linux.die.net/man/1/secon. Retrieved 2013-02-06.
20. "fixfiles(8): fix file SELinux security contexts - Linux man page". Linux.die.net. http://linux.die.net/man/8/fixfiles. Retrieved 2013-02-06.
21. "setfiles(8): set file SELinux security contexts - Linux man page". Linux.die.net. http://linux.die.net/man/8/setfiles. Retrieved 2013-02-06.
22. "load_policy(8) - Linux man page". Linux.die.net. http://linux.die.net/man/8/load_policy. Retrieved 2013-02-06.
23. "booleans(8) - Linux man page". Linux.die.net. http://linux.die.net/man/8/booleans. Retrieved 2013-02-06.
24. "getsebool(8): SELinux boolean value - Linux man page". Linux.die.net. http://linux.die.net/man/8/getsebool. Retrieved 2013-02-06.
25. "setsebool(8): set SELinux boolean value - Linux man page". Linux.die.net. http://linux.die.net/man/8/setsebool. Retrieved 2013-02-06.
26. "togglesebool(8) - Linux man page". Linux.die.net. http://linux.die.net/man/8/togglesebool. Retrieved 2013-02-06.
27. "Ubuntu Manpage: selinux-config-enforcing - change /etc/selinux/config to set enforcing". Canonical Ltd. http://manpages.ubuntu.com/manpages/natty/man8/selinux-config-enforcing.8.html. Archived from the original on 2012-12-20 at https://web.archive.org/web/20121220020432/http://manpages.ubuntu.com/manpages/natty/man8/selinux-config-enforcing.8.html. Retrieved 2013-02-06.
28. "Ubuntu Manpage: selinuxenabled - tool to be used within shell scripts to determine if". Canonical Ltd. http://manpages.ubuntu.com/manpages/natty/man1/selinuxenabled.1.html. Archived from the original on 2013-02-09 at https://web.archive.org/web/20130209033811/http://manpages.ubuntu.com/manpages/natty/man1/selinuxenabled.1.html. Retrieved 2013-02-06.
29. "Ubuntu Manpage: selinux-policy-upgrade - upgrade the modules in the SE Linux policy". Canonical Ltd. http://manpages.ubuntu.com/manpages/natty/man8/selinux-policy-upgrade.8.html. Archived from the original on 2012-04-04 at https://web.archive.org/web/20120404160143/http://manpages.ubuntu.com/manpages/natty/man8/selinux-policy-upgrade.8.html. Retrieved 2013-02-06.
30. "SELinux backgrounds". SELinux. Security Guide. SUSE. https://www.suse.com/documentation/sles11/book_security/data/sect1_chapter_book_security.html.
31. "apparmor.d - syntax of security profiles for AppArmor". http://manpages.ubuntu.com/manpages/hardy/man5/apparmor.d.5.html. Archived from the original on 2013-10-17 at https://web.archive.org/web/20131017094320/http://manpages.ubuntu.com/manpages/hardy/man5/apparmor.d.5.html.
32. "Rainbow". laptop.org. http://wiki.laptop.org/go/Rainbow.
33. "SELinux Related Work". NSA.gov. https://www.nsa.gov/what-we-do/research/selinux/related-work/.