RSBAC Functionality

RSBAC Functionality

Thomas Jones-2
Hello,

Has anyone here implemented RSBAC access control in a 9+ suse/opensuse
release? I am looking at testing RSBAC within suse and was wanting to
know other end-user(s) experiences.

I am sure that kernel patches must be altered to apply cleanly to suse
kernels. And the init system within suse is a little different than
most distributions, so the application of security policies for system
initialization (as well as login) will need some work for sure.

No rpm's of dialog or user-manager are available according to google.
So this leads me to believe that not very many suse/opensuse end-users
implement and/or develop fine-grained access control models. Hopefully
this is incorrect.

Thanks.
Thomas R. Jones

--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here

Re: RSBAC Functionality

Suse-3
Thomas Jones wrote:

> Hello,
>
> Has anyone here implemented RSBAC access control in a 9+ suse/opensuse
> release? I am looking at testing RSBAC within suse and was wanting to
> know other end-user(s) experiences.
>
> I am sure that kernel patches must be altered to apply cleanly to suse
> kernels. And the init system within suse is a little different than
> most distributions, so the application of security policies for system
> initialization (as well as login) will need some work for sure.
>
> No rpm's of dialog or user-manager are available according to google.
> So this leads me to believe that not very many suse/opensuse end-users
> implement and/or develop fine-grained access control models. Hopefully
> this is incorrect.

I don't know anyone who does, personally.  For the vast majority of
users, it's actually likely to cause things to be less secure, since
access controls are, more often than not, a pain in the ass to set up
and maintain.  This leads to lapses.

What do you need RSBAC for?  SuSE 10.1 comes standard with AppArmor,
which is a pretty nifty system to keep server processes under control.
However, it won't stop a rogue user.  If that's what you're worried
about, RSBAC or SELinux are what you want.

It's been my experience that very few systems these days offer shell
accounts, so the vast majority of systems are more interested in locking
down their server processes to prevent intrusion in the first place.

I don't believe there is a standard kit for RSBAC applied to SuSE, but I
recall one being done for SELinux.  If you're going to create a SuSE
system with RSBAC, keep in mind that it might not react well to LSM
(Linux Security Module) in SuSE's kernels.  AppArmor and SELinux both
hook to LSM, but I'm pretty sure RSBAC wrote their own system.



Re: RSBAC Functionality

Thomas Jones-2
On 8/28/06, [hidden email] <[hidden email]> wrote:
> I don't know anyone who does, personally.  For the vast majority of
> users, it's actually likely to cause things to be less secure, since
> access controls are, more often than not, a pain in the ass to set up
> and maintain.  This leads to lapses.

I am working on a personal project to build a custom security
assessment/auditing distribution based on suse for the Institute for
Security and Open Methodologies (ISECOM). Exploits and auditing
resources are already introduced. It's time to start securing the
system to ensure data and/or object integrity and confidentiality are
not compromised due to local and/or remote subject access.

I would like to obtain equivalent EAL4+ functionality, as well as
close to B1 as possible.

>
> What do you need RSBAC for?  SuSE 10.1 comes standard with AppArmor,
> which is a pretty nifty system to keep server processes under control.
> However, it won't stop a rogue user.  If that's what you're worried
> about, RSBAC or SELinux are what you want.

I am looking for a finer-grained control of subjects than is provided
with AppArmor. Not to mention that AppArmor provides for access
control at the application level and does not take into account other
subjects such as individual processes, and the root account.

With RSBAC I can construct a system that can be implemented in a great
multitude of access control models such as LaPadula, TPE and Role
Compatibility. Plus a correct implementation of a security officer
--- thus negating "root" exploits that may render a normal system
compromised.

>
> It's been my experience that very few systems these days offer shell
> accounts, so the vast majority of systems are more interested in locking
> down their server processes to prevent intrusion in the first place.
>
> I don't believe there is a standard kit for RSBAC applied to SuSE, but I
> recall one being done for SELinux.  If you're going to create a SuSE
> system with RSBAC, keep in mind that it might not react well to LSM
> (Linux Security Module) in SuSE's kernels.  AppArmor and SELinux both
> hook to LSM, but I'm pretty sure RSBAC wrote their own system.

Yeah -- I figured some finagling (spelling?) with the hooks would be
needed. Even though LSM provides for decision module "stacking"; it
may prove to be troublesome.

I have decided to provide for a multitude of kernels to accommodate the
different access control frameworks. I may need to just go with a
patched vanilla kernel for all frameworks. I'll have to look at the
pros and cons of both.


Re: RSBAC Functionality

Suse-3
Thomas Jones wrote:

> On 8/28/06, [hidden email] <[hidden email]> wrote:
>> I don't know anyone who does, personally.  For the vast majority of
>> users, it's actually likely to cause things to be less secure, since
>> access controls are, more often than not, a pain in the ass to set up
>> and maintain.  This leads to lapses.
>
> I am working on a personal project to build a custom security
> assessment/auditing distribution based on suse for the Institute for
> Security and Open Methodologies (ISECOM). Exploits and auditing
> resources are already introduced. It's time to start securing the
> system to ensure data and/or object integrity and confidentiality are
> not compromised due to local and/or remote subject access.
>
> I would like to obtain equivalent EAL4+ functionality, as well as
> close to B1 as possible.
>
>> What do you need RSBAC for?  SuSE 10.1 comes standard with AppArmor,
>> which is a pretty nifty system to keep server processes under control.
>> However, it won't stop a rogue user.  If that's what you're worried
>> about, RSBAC or SELinux are what you want.
>
> I am looking for a finer-grained control of subjects than is provided
> with AppArmor. Not to mention that AppArmor provides for access
> control at the application level and does not take into account other
> subjects such as individual processes, and the root account.
>
> With RSBAC I can construct a system that can be implemented in a great
> multitude of access control models such as LaPadula, TPE and Role
> Compatibility. Plus a correct implementation of a security officer
> --- thus negating "root" exploits that may render a normal system
> compromised.

You're definitely looking at RSBAC for the right reasons.  I just
mention the downsides as many people, including myself at one time,
looked at SELinux, for instance, thinking I'd make my system
ultra-secure.  It was overkill, and I learned my lesson. :)

>> It's been my experience that very few systems these days offer shell
>> accounts, so the vast majority of systems are more interested in locking
>> down their server processes to prevent intrusion in the first place.
>>
>> I don't believe there is a standard kit for RSBAC applied to SuSE, but I
>> recall one being done for SELinux.  If you're going to create a SuSE
>> system with RSBAC, keep in mind that it might not react well to LSM
>> (Linux Security Module) in SuSE's kernels.  AppArmor and SELinux both
>> hook to LSM, but I'm pretty sure RSBAC wrote their own system.
>
> Yeah -- I figured some finagling (spelling?) with the hooks would be
> needed. Even though LSM provides for decision module "stacking"; it
> may prove to be troublesome.
>
> I have decided to provide for a multitude of kernels to accommodate the
> different access control frameworks. I may need to just go with a
> patched vanilla kernel for all frameworks. I'll have to look at the
> pros and cons of both.

Indeed, it's likely going to be a fair amount of work.  You might want
to start with SuSE's kernel and cloneconfig, then start modifying it, so
it's not TOO far from what's already on SuSE.  You could just remove the
LSM/AppArmor from the config and start patching from there.

You might also want to see if SELinux provides what you want, since
there are 3rd party SELinux patches for SuSE already done.  It could
save you some work, if it provides what you want.

Beyond that, I can't provide much help.  Setting up serious user-level
security can be tricky business, and attention to detail is where it
counts.  Good luck, and let us know how it goes...


Re: RSBAC Functionality

Michel Messerschmidt
Thomas Jones said:
> Has anyone here implemented RSBAC access control in a 9+ suse/opensuse
> release? I am looking at testing RSBAC within suse and was wanting to
> know other end-user(s) experiences.

I've not heard of any successful attempt to use RSBAC with Suse.
Do you need to use Suse?
There are other distributions that are better prepared for RSBAC.
You might want to try Adamantix (http://www.adamantix.org/) or
Hardened Gentoo (http://www.gentoo.org/proj/en/hardened/).


--
Michel Messerschmidt, [hidden email]

$ rpm -q --whatrequires linux
no package requires linux
