hands on selinux a practical introduction
play

Hands-on SELinux: A Practical Introduction Security Training Course - PowerPoint PPT Presentation

Apr 04, 2023 •206 likes •753 views

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 03/12 cja 2012 2 03/12 cja 2012 3 Introduction Welcome to the course! Instructor: Dr. Charles J.

  1. Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012

  2. 03/12 cja 2012 2

  3. 03/12 cja 2012 3

  4. Introduction • Welcome to the course! • Instructor:  Dr. Charles J. Antonelli Research Systems Group LSA Information Technology The University of Michigan cja@umich.edu, 734 926 8421 03/12 cja 2012 4

  5. Logistics • Class  Thursdays 6-9 PM (connect from 5:30 on • Breaks  About once an hour (idea: get up, move around) • Instruction  AT&T Connect remote experience  Please use the feedback icons  Lecture, Demonstration, Experiments • Lab  Linux Fedora lab environment via VMware Player • Listserv  selsec2012@umich.edu 03/12 cja 2012 5

  6. Prerequisites • Nice to have  Familiarity with Linux architecture & tools  Familiarity with popular Linux applications  Working knowledge of network apps  Some system administration experience  Familiarity with white- and black-hat tools  Open source mindset 03/12 cja 2012 6

  7. Take-Aways • Understand SELinux architecture • Install and configure SELinux • Interpret SELinux log records • Use SELinux permissive domains and Booleans to adjust SELinux policies • Create and modify SELinux policies for your applications • A healthy paranoia 03/12 cja 2012 7

  8. Meet the instructor • R&D(&S) in cyberinfrastructure, security, and networking • Systems research & development  Large-scale real-time parallel data acquisition & assimilation  Be Aware You’re Uploading  Advanced packet vault  SeRIF secure remote invocation framework • Teaching  HPC 101, 201 Basic & Advanced Cluster Computing  Linux Platform Security, Hands-on Network Security, Introduction to SELinux  ITS 101 Theory and Practice of Campus Computer Security  SI 630 Security in the Digital World, SI 572 Database Applications Programming  EECS 280 C++ Programming, 482 Operating Systems, 489 Computer Networks; ENGR 101 Programming and Algorithms 03/12 cja 2012 8

  9. Meet the class – Poll Level of Linux Experience: 1. Novice 2. Experienced 3. Expert 03/12 cja 2012 9

  10. Poll SELinux status on machines you administer: 1. Enforcing, and I write my own policies 2. Enforcing, and I use permissive domains, Booleans, or audit2allow 3. Permissive 4. Disabled 5. Don’t know 6. What? You can change that? 03/12 cja 2012 10

  11. Roadmap • Day 1:  Why SELinux?  Overview of SELinux  Using SELinux  SELinux Permissive Domains • Day 2:  SELinux Booleans  SELinux audit2allow  SELinux Policy Theory  SELinux Policy Praxis 03/12 cja 2012 11

  12. Why SELinux?

  13. Why SELinux? • Discretionary access control  $ ls –l /etc/passwd /etc/shadow -rw-r--r--. 1 root root 2174 2010-05-25 11:19 /etc/passwd -rw-r--r--. 1 root root 1459 2010-05-25 11:19 /etc/shadow  $ ls -la ~/bin total 52 drwxrwxrwx. 2 cja cja 4096 2010-05-18 18:22 . drwx--x--x. 39 cja cja 4096 2010-05-25 20:41 .. -rwx—-x--x. 1 cja cja 7343 2010-05-18 18:22 ccd -rwx—-x--x. 1 cja cja 7423 2010-05-18 18:22 ctime -rwx--x--x. 1 cja cja 11656 2010-05-18 18:22 ctp -rwx--x--x. 1 cja cja 7423 2010-05-18 18:22 tbd -rwx--x--x. 1 cja cja 7109 2010-05-18 18:22 titleb 03/12 cja 2012 13

  14. Why SELinux? • Buffer overflows Jan 02 16:19:45 host.example.com rpc.statd[351]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿bffff750 8 0 4 9 7 1 0 9 0 9 0 9 0 9 0 6 8 7 4 6 5 6 7 6 2 7 4 7 3 6 f 6 d 6 1 6 e 7 9 7 2 6 5 2 0 6 5 2 0 7 2 6 f 7 2 2 0 7 2 6 f 6 6 b f f f f 7 1 8 bffff719 bffff71a b f f f f 7 1 b _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ! _ _ ! _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 03/12 cja 2012 14

  15. Why SELinux? Figure 17. Prevalence of malicious code types by potential infections, 2007–2010 Source: Symantec Internet Security Threat Report, Vol. 16, April 2011 03/12 cja 2012 15

  16. Linux Architecture User Process Process Process Process Process Process Process Process Process NFS Memory Manager Security RPC/XDR VFS Scheduler Kernel TCP/IP UFS Communication Drivers 03/12 cja 2012 16

  17. Linux Architecture • Creating a process  Two intertwined system calls  A parent process calls fork()  Creates a child process » An exact copy of the parent » Including uid, open files, devices, network connections  The child process calls exec(executable)  Overlays itself with the named executable » Retains uid, open files, devices, network connections 03/12 cja 2012 17

  18. Linux Architecture • Creating trouble  exec() may be called without fork()  Useful paradigm  tcpd execs the wrapped application after validation  So what happens if a process calls exec("/bin/sh") ?  Process becomes a command shell  Running with the overlaid process's credentials » If the process was running as root, so is the shell  Connected the same network connections » If the process was connected to your keyboard, so is the shell » If the process was connected to a client, so is the shell 03/12 cja 2012 18

  19. Smashing the stack Part I • A calling function will write its return address into a memory data structure called the stack • When the called function is finished, the processor will jump to whatever address is stored in the stack • Suppose “ Local Variable 1 ” is an array of integers of some fixed size • Suppose our called function doesn’t check boundary conditions properly and writes values past the end of the array  The first value beyond the end of the array overwrites the stack  The second value overwrites the return address on the stack • When the called function returns, the processor jumps to the overwritten address 03/12 cja 2012 19

  20. Smashing the stack 0xFFFFFFFF … Parameter 3 Parameter 2 Virtual Addresses Parameter 1 Return Address RA Saved FP FP Local Variable 1 Local Variable 2 SP … 0x00000000 03/12 cja 2012 20

  21. Smashing the stack 0xFFFFFFFF … Parameter 3 Parameter 2 Virtual Addresses Parameter 1 Return Address RA Saved FP FP Value Local Variable 2 SP … 0x00000000 03/12 cja 2012 21

  22. Smashing the stack 0xFFFFFFFF … Parameter 3 Parameter 2 Virtual Addresses Parameter 1 Return Address RA Value FP Value Local Variable 2 SP … 0x00000000 03/12 cja 2012 22

  23. Smashing the stack 0xFFFFFFFF … Parameter 3 Parameter 2 Virtual Addresses Parameter 1 Value RA Value FP Value Local Variable 2 SP … 0x00000000 03/12 cja 2012 23

  24. Smashing the stack 0xFFFFFFFF … Parameter 3 Parameter 2 Virtual Addresses Value … Value RA Value FP Value Local Variable 2 SP … 0x00000000 03/12 cja 2012 24

  25. Smashing the stack Part II • Suppose the attacker has placed malicious code somewhere in memory and overwrites that address on the stack  Now the attacker has forced your process to execute her code • Where to place the code?  Simplest to put it in the buffer that is being overflowed • How to get the code into the buffer?  Examine the source code  Look for copy functions that don ’ t check bounds » gets, strcpy, strcat, sprintf, …  Look for arguments to those functions that are under the attacker ’ s control and not validated by the victim code » Environment variables, format strings, URLs, … 03/12 cja 2012 25

  26. Lab – stopping buffer overflows 1. Copy selsmash.tgz from Supplemental Information on course web page  wget ¡http://www-­‑personal.umich.edu/~cja/SEL11/supp/selsmash.tgz ¡  tar ¡zxf ¡selsmash.tgz ¡  cd ¡~/selsmash ¡  make ¡  … ¡enter ¡your ¡password ¡when ¡prompted ¡ 2. Run the executable  What happened?  Examine the SELinux audit 3. Change SELinux to permissive mode  Applications| Other| SELinux management  … enter root password when prompted  … may take a while to come up  Set current enforcing mode to permissive 4. Rerun the executable  What happened this time? 03/12 cja 2012 26

  27. Lab – supplemental • We ’ ll be using gdb  “ gdb file ” to debug; “ info gdb ” for manual:  type cursor motion keys to move cursor  type page motion keys or “ f ” to page forward or “ b ” to page back  type “ p ” to return to previous page  position cursor on topic (line with ::) and type enter to move to new topic  type “ u ” to return to previous topic  type “ / ” , string , and return to search for string in current topic  type “ q ” to quit • We ’ ll examine buffer overflows in detail  Follow along with instructor • Code taken from Shellcoder ’ s Handbook  Actually, Aleph One ’ s 1996 “ Smashing the Stack for Fun and Profit ” paper 03/12 cja 2012 27

Recommend

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Roadmap Day 1: Why SELinux? Overview of SELinux Using SELinux SELinux Permissive Domains Day

1.71k views • 60 slides
Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Roadmap Day 1: Why SELinux? Overview of SELinux Using SELinux SELinux Permissive Domains Day

693 views • 45 slides
Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 02/13 cja 2013 2 02/13 cja 2013 3 Introduction Welcome to the course! Instructor: Dr. Charles J.

1.24k views • 55 slides
What is SELinux trying to tell me? The 4 key causes of SELinux errors. SELinux Problem

What is SELinux trying to tell me? The 4 key causes of SELinux errors. SELinux Problem

What is SELinux trying to tell me? The 4 key causes of SELinux errors. SELinux Problem Solutions 1.SELinux == Labeling 2.SELinux Needs to Know 3.SELinux Policy/Apps can have bugs. 4.You could be COMPROMISED!!!! SELinux == Labeling Every

611 views • 11 slides
An Introduction to SELinux Presentation Toshaan Bharvani - VanTosh bvba < toshaan@vantosh.com

An Introduction to SELinux Presentation Toshaan Bharvani - VanTosh bvba < toshaan@vantosh.com

An Introduction to SELinux Toshaan Bharvani - VanTosh bvba Introduction How to use it SELinux states Managing SELinux FroSCon 2012 Policies 25 August 2012 The End An Introduction to SELinux Presentation Toshaan Bharvani - VanTosh

466 views • 29 slides
SELinux Policy Within Package Managers Why policy is special 1 SELinux? Policy? What?

SELinux Policy Within Package Managers Why policy is special 1 SELinux? Policy? What?

SELinux Policy Within Package Managers Why policy is special 1 SELinux? Policy? What? SELinux is a MAC system for Linux Enabled by default on Fedora, RHEL Available on Ubuntu, Gentoo, Debian, etc Policies are available for

579 views • 16 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Introduction Introduction Welcome to the course! Instructor: Dr.

678 views • 10 slides
GENOMIC SELECTION WORKSHOP: Hands on Practical Sessions Paulino Prez 1 Jos Crossa 1 1

GENOMIC SELECTION WORKSHOP: Hands on Practical Sessions Paulino Prez 1 Jos Crossa 1 1

GENOMIC SELECTION WORKSHOP: Hands on Practical Sessions Paulino Prez 1 Jos Crossa 1 1 ColPos-Mxico 2 CIMMyT-Mxico September, 2014. SLU, Sweden GENOMIC SELECTION WORKSHOP:Hands on Practical Sessions 1/11 Contents General comments 1

442 views • 11 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 6 Firewalls & VPNs Topics Firewall Fundamentals Case

881 views • 51 slides
Hands Overview Outline Existing hands Robot hands of the 80s Commercial hands Research

Hands Overview Outline Existing hands Robot hands of the 80s Commercial hands Research

Hands Overview Outline Existing hands Robot hands of the 80s Commercial hands Research hands Prosthetics Design issues Kinematics Compliance Sensing Actuation Control Robustness Evaluation Discussion Hands of the 80s Hirose

237 views • 22 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 1 Fundamental Tools Roadmap Review of generally useful tools

592 views • 35 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 4 Password Strength & Cracking Roadmap Password

750 views • 31 slides
GENOMIC SELECTION WORKSHOP: Hands on Practical Sessions (GBLUP-RR) Paulino Prez 1 Jos Crossa 2

GENOMIC SELECTION WORKSHOP: Hands on Practical Sessions (GBLUP-RR) Paulino Prez 1 Jos Crossa 2

GENOMIC SELECTION WORKSHOP: Hands on Practical Sessions (GBLUP-RR) Paulino Prez 1 Jos Crossa 2 1 ColPos-Mxico 2 CIMMyT-Mxico September, 2014. SLU,Sweden GENOMIC SELECTION WORKSHOP:Hands on Practical Sessions (GBLUP-RR) 1/35 Contents

976 views • 35 slides
Compressed RDF: Practical Uses & Hands-on Antonio Faria, Javier D. Fernndez and Miguel

Compressed RDF: Practical Uses & Hands-on Antonio Faria, Javier D. Fernndez and Miguel

Compressed RDF: Practical Uses & Hands-on Antonio Faria, Javier D. Fernndez and Miguel A. Martinez-Prieto 3rd KEYSTONE Training School Keyword search in Big Linked Data 23 TH AUGUST 2017 General agenda Session I (09:00 - 10:30) "

935 views • 60 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 3 Network Protocol Attacks Roadmap Network security The

502 views • 39 slides
SENG: An Enhanced Policy SENG: An Enhanced Policy Language for SELinux Language for SELinux

SENG: An Enhanced Policy SENG: An Enhanced Policy Language for SELinux Language for SELinux

SENG: An Enhanced Policy SENG: An Enhanced Policy Language for SELinux Language for SELinux Paul Kuliniewicz <kuliniew@purdue.edu> CERIAS, Purdue University Overview Overview What's wrong with macros? Can we do better?

947 views • 60 slides
Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting

Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting

Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting SELinux to Mac OS X SELinux Symposium 2007 ELinux Symposium 2007 S Chris Vance Information Systems Security Operation, SPARTA, Inc.

700 views • 26 slides
State of SELinux Paul Moore September 2017 Kernel Changes Obligatory Container Slide

State of SELinux Paul Moore September 2017 Kernel Changes Obligatory Container Slide

State of SELinux Paul Moore September 2017 Kernel Changes Obligatory Container Slide Individual file labeling for cgroup, cgroup2, and tracefs Allows for labels unique to each container, enabling SELinux enforced separation for these

482 views • 16 slides
Problems for Breakfast Shaking Hands Seven people in a room start shaking hands. Six of them

Problems for Breakfast Shaking Hands Seven people in a room start shaking hands. Six of them

Introduction Graph Theory City Colouring Facebook Friends Villages and Canals Parting Thoughts Problems for Breakfast Shaking Hands Seven people in a room start shaking hands. Six of them shake exactly two peoples hands. How many people

878 views • 45 slides
SELinux Example: I may chmod o+a the file containing 506 grades, which violates

SELinux Example: I may chmod o+a the file containing 506 grades, which violates

12/6/12 MAC vs. DAC By default, Unix/Linux provides Discretionary Access Control The user (subject) has discretion to set security policies (or not) SELinux Example: I may chmod o+a the file containing 506 grades,

412 views • 5 slides
SElinux filesystem filesystem labeling labeling SElinux and type enforcement and type

SElinux filesystem filesystem labeling labeling SElinux and type enforcement and type

SElinux filesystem filesystem labeling labeling SElinux and type enforcement and type enforcement November 13, 2020 Administrative Administrative submittal instructions submittal instructions answer the lab assignments

356 views • 24 slides
Statistical Analysis of Genetic and Phenotypic Data for Breeders: Hands on Practical Sessions

Statistical Analysis of Genetic and Phenotypic Data for Breeders: Hands on Practical Sessions

Statistical Analysis of Genetic and Phenotypic Data for Breeders: Hands on Practical Sessions (BayesB) Paulino Prez 1 perpdgo@gmail.com Jos Crossa 2 j.crossa@CGIAR.org 1 ColPos-Mxico 2 CIMMyT-Mxico June, 2015. CIMMYT, Mxico-SAGPDB

162 views • 15 slides
Planning and Optimization X1. Hands-On and Repetition Florian Pommerening Universit at Basel

Planning and Optimization X1. Hands-On and Repetition Florian Pommerening Universit at Basel

Planning and Optimization X1. Hands-On and Repetition Florian Pommerening Universit at Basel September 18, 2019 Outline Hands-On: Outline for this and next week Setting up your machine for practical exercises. Vagrant + VirtualBox

592 views • 7 slides
Using SELinux with container runtimes Because privileged containers are scary Lukas Vrabec

Using SELinux with container runtimes Because privileged containers are scary Lukas Vrabec

Using SELinux with container runtimes Because privileged containers are scary Lukas Vrabec Senior Software Engineer Security Technologies 1 Who am I ? Lukas Vrabec SELinux Evangelist Member of Security Technologies team at Red

971 views • 70 slides

More recommend