On Wed, Oct 14, 2009 at 5:09 PM, Matthew Ife <deleriux@xxxxxxxxxxxxxxxxxxxxx> wrote:
> So, I did a brief unscientific survey regarding SELinux with my
> colleagues. The idea here is to work out what people see wrong or right
> with SELinux and, when documentation is done, what our focus or
> priorities should be in regards to it.
> To give you a bit of background, respondents are all above-average
> technically experienced Linux people who work for a hosting company offering,
> amongst other things, Linux-based solutions of some sort, either
> pre-packed or bespoke. All the people I asked have a procedural approach
> to security (not the type of thing tagged onto the end of a project line
> of thinking) and in general are open to security advice.
>
> Attached is the PDF document with the questions I asked - you'll have to
> forgive my decorating abilities!
>
> The questions I asked could be wrong, the people I'm asking might not be
> the "average" sample we could do with, and admittedly the sample is way
> too small.
>
> So firstly on with the questions I asked and why I asked them:
>
>> If you installed Fedora, regarding SELinux would you
>> a) Disable it on install
>> b) permissive on install
>> c) enforcing on install.
> The point with this question is to really just gauge what these people's
> feelings are with it "out of the box". Do they run it or do they not, and
> how does that compare with their ideas for the questions I asked below.
>
>> Why would you choose that option?
> So the idea behind this question was to find out what they liked or
> disliked about SELinux which was enough of a motivator for them to turn
> it on or turn it off or disable it completely.
>
>> Specifically what is SELinux meant to do?
> Really what I wanted to find out here is what the people would consider
> SELinux as being able to achieve for them, as well as a brief
> understanding of how much they know about SELinux.
>
>> Out of five (five being very sufficient, 0 being completely
>> insufficient), where would you put standard UNIX permissions (rwx,
>> setuids and acls) for security on a machine? First for desktops, second
>> for servers.
> This question was meant to gauge the person's understanding of DAC and
> how they pit against the current major security threats, i.e. "Do you
> find DAC is sufficient enough for securing your server".
>
>
> From the data this is my analysis, but my opinions are pretty biased as I
> already know all these people anyway. I'd love people's feedback.
>
>
> None of the respondents had any insight into the pros/cons of DAC or
> MAC.
> All the respondents saw SELinux as a fine-grained access control
> mechanism.
> The more respondents understood about SELinux, the more they were likely
> to enable it.
> Currently servers would benefit from SELinux more than desktops would.
>
>
> So from the very limited feedback I've got I would say:
>
> People's understanding of why MAC in some fashion is necessary is limited
> or non-existent. There should probably be some good argumentative cases
> for why DAC is not able to adequately contain a security breach or
> threat and what SELinux MAC is ready to do about it. Perhaps a wiki page
> that explains what DAC and MAC are - giving examples, what the current
> security trends and threats are against your systems and what both can /
> cannot do to mitigate them.
>

For the first question, this is the classic paper that explains why a MAC is necessary for an OS - http://jya.com/paperF1.htm

For the second point, this is the "selinux mitigation new" from Tresys: http://www.tresys.com/innovation.php

In any case it should be made clear that a MAC-level policy applied to a Web application does not protect the application itself in general, but the web server / application server / web application in some particular cases - it depends on the threats (e.g. BOF versus XSS, defacing versus SQL injection) - and in the first place the operating system that hosts them. For the issues dealt with by OWASP it is necessary, ALSO, to have a web application firewall like mod_security. IMHO, the most prudent approach is to use mod_security and SELinux, both.

As regards DoS attacks, MAC may or may not help; it depends. For example, if there is an application problem for which a certain sequence of commands can lead to application termination, and should not happen, the MAC can do little or nothing.

Best Regards

> People envision SELinux as an access control system. Documentation on
> type enforcement (perhaps with examples analogous to DAC) would be
> beneficial.
>
> In addition, personally I would say most sysadmins are totally missing
> fundamental security understandings (what is a subject, what is an
> object, what is DAC, what is MAC, etc.) and this means they are unable to
> appreciate what SELinux is trying to accomplish. Also I believe
> sysadmins do not consider containment of a security breach and spend
> much of their effort attempting to prevent it in the first place.
>
> Well, that's probably more than I can prune on the whole thing I've got.
> I might be perhaps looking way too much into the information I have and
> would recommend people make up their own minds based off of the
> information I supplied.
>
> The goal here is to find out what people's vision of SELinux is (either
> right or wrong) and what can be done to help correct it.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
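A toy model of the DAC-versus-MAC containment argument made in the reply (BOF contained by type enforcement, SQL injection and defacing not), as an added example that is not from the mailing list or from any real SELinux policy; the uids, file types, allow rules and the apache uid of 48 are constructed stand-ins for httpd's confinement.

```python
"""Toy model of the DAC-versus-MAC containment argument in the thread.
Added example; the uids, types and allow rules are constructed stand-ins
for the httpd confinement the posts discuss, not a real SELinux policy."""
# DAC asks: which uid is acting, and what mode bits does the file carry?
FILES_DAC = {                      # constructed: path -> (owner uid, mode)
    "/var/www/html/index.html": (48, 0o644),   # 48 = apache on Fedora
    "/etc/shadow": (0, 0o000),
}

def dac_allows(uid, path, want_write=False):
    owner, mode = FILES_DAC[path]
    if uid == 0:
        return True                # root is exempt from DAC entirely
    bits = (mode >> 6) & 7 if uid == owner else mode & 7
    return bool(bits & (2 if want_write else 4))

# Type enforcement asks: does the acting *domain* hold an allow rule for
# the target *type*?  The uid plays no part, so code that escalated to
# root inside httpd_t is still held to httpd_t's rules.
FILES_TE = {                       # constructed: path -> SELinux type
    "/var/www/html/index.html": "httpd_sys_content_t",
    "/etc/shadow": "shadow_t",
}
ALLOW_RULES = {                    # constructed: (domain, type) -> perms
    ("httpd_t", "httpd_sys_content_t"): {"read"},
    ("httpd_t", "mysqld_port_t"): {"name_connect"},
}
def te_allows(domain, target_type, perm):
    return perm in ALLOW_RULES.get((domain, target_type), set())

def check(uid, domain, path, want_write=False):
    """Both layers must agree; returns (dac, te, final) decisions."""
    perm = "write" if want_write else "read"
    dac = dac_allows(uid, path, want_write)
    te = te_allows(domain, FILES_TE[path], perm)
    return dac, te, dac and te

def scenarios():
    """The cases the reply contrasts: BOF (contained) vs SQLi (not)."""
    return {
        # ordinary request: apache (uid 48) in httpd_t serving its content
        "serve_page": check(48, "httpd_t", "/var/www/html/index.html"),
        # BOF in httpd: attacker code runs as uid 0 but stays in httpd_t,
        # so TE denies what DAC would wave through: the breach is contained
        "bof_read_shadow": check(0, "httpd_t", "/etc/shadow"),
        # SQLi: the injected query rides an allowed httpd_t -> mysqld
        # connection, so TE sees nothing wrong; that gap is mod_security's
        "sqli_db_connect": te_allows("httpd_t", "mysqld_port_t", "name_connect"),
    }
```

Calling `check(48, "httpd_t", "/var/www/html/index.html", want_write=True)` shows the defacing case: DAC lets the apache user overwrite its own files, while the read-only allow rule denies it.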