So, I did a brief unscientific survey regarding SELinux with my colleagues. The idea here is to work out what people see wrong or right with SELinux and when documentation is done what should our focus or priorities be in regards to it?

To give you a bit of background, respondents are all above average technically Linux experienced who work for a hosting company offering amongst other things Linux based solutions of some sort either pre-packed or bespoke. All the people I asked have a procedural approach to security (not the type of thing tagged onto the end of a project line of thinking) and in general are open to security advice.

Attached is the PDF document with the questions I asked - you'll have to forgive my decorating abilities!

The questions I asked could be wrong, the people I'm asking might not be the "average" sample we could do with and admittedly the sample is way too small.

So firstly on with the questions I asked and why I asked them:

> If you installed Fedora regarding SELinux would you
> a) Disable it on install
> b) permissive on install
> c) enforcing on install.

The point with this question is to really just gauge what these people's feelings are with it "out of the box". Do they run it or do they not and how does that compare with their ideas for the questions I asked below.

> Why would you choose that option?

So the idea behind this question was to find out what they liked or disliked about SELinux which was enough of a motivator for them to turn it on or turn it off or disable it completely.

> Specifically what is SELinux meant to do?

Really what I wanted to find out here is what the people would consider SELinux as being able to achieve for them as well as a brief understanding of how much they know about SELinux.

> Out of five, (five being very sufficient, 0 being completely insufficient) where would you put standard UNIX permissions (rwx, setuids and acls) for security on a machine? First for desktops second for servers.

This question was meant to gauge the person's understanding of DAC and how they pit against the current major security threats, i.e. "Do you find DAC is sufficient enough for securing your server".

From the data this is my analysis but my opinions are pretty biased as I already know all these people anyway. I'd love people's feedback.

None of the respondents had any insight into the pros/cons of DAC or MAC.

All the respondents saw SELinux as a fine grained access control mechanism.

The more respondents understood about SELinux the more they were likely to enable it.

Currently servers would benefit from SELinux more than Desktops would.

So from the very limited feedback I've got I would say:

People's understanding of why MAC in some fashion is necessary is limited or nonexistent. There should probably be some good argumentative cases for why DAC is not able to adequately contain a security breach or threat and what SELinux MAC is ready to do about it. Perhaps a wiki page that explains what DAC and MAC is - giving examples, what the current security trends and threats are against your systems and what both can / cannot do to mitigate them.

People envision SELinux as an access control system. Documentation on type enforcement (perhaps with examples analogous to DAC) would be beneficial.

In addition personally I would say most sysadmins are totally missing fundamental security understandings (what is a subject, what is an object, what is DAC, what is MAC etc) and this means they are unable to appreciate what SELinux is trying to accomplish. Also I believe sysadmins do not consider containment of a security breach and spend much of their effort attempting to prevent it in the first place.

Well, that's probably more than I can prune on the whole thing I've got. I might be perhaps looking way too much into the information I have and would recommend people make up their own minds based off of the information I supplied.

The goal here is to find out what people's vision of SELinux is (either right or wrong) and what can be done to help correct it.
Attachment:
selinux_survey.pdf
Description: Adobe PDF document
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list