Linux security may seem daunting, but there are a host of best practices to simplify the maze. Recently, Steve Grubb of Red Hat Inc. outlined some important security principles, including minimizing admin access, the increasing sophistication of SELinux and the importance of auditing systems.
There is too much confusion about information security – often technology or product led. Just because you can do firewalling doesn’t mean you should. Just because you can do user account control doesn’t mean it’s the end of the story.
To analyse an information system with respect to security, look at it from the perspective of the following four orthogonal views:
* Confidentiality / Privacy
Information should only be viewable by those authorised to do so. Is this maintained in the system I am looking at? (linux: init 1?)
* Integrity
The integrity of information should be maintained and verifiable. This includes both the source of the information – source integrity, as well as the message itself in transit – message integrity. Not many systems do this sufficiently for the purposes of their jobs. Also think, spam and phishing!
* Availability
A system or service should aim to maintain availability or quality of service appropriate to its intended purpose. An attacker may not seek to read your messages or subvert them – just slow them down to an unusable crawl, or even knock your system out. Many see this as Denial Of Service.
* Auditability
Who did What, When and Why?
The above perspectives can be applied to large complex systems or small individual components.
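The “Who did What, When and Why?” view above, and the auditing emphasis in the article summary, come down to whether the system's audit trail can actually answer those questions. As an added example (not part of this thread or of any Red Hat material), here is a small Python parser for Linux audit (auditd) records that correlates SYSCALL and PATH records by their event serial into who/what/when events. The sample records are constructed for the example, not taken from a real system. Two points it makes concrete: the login uid (`auid`) survives `su`/`sudo`, so a root action is still attributed to the person who logged in, and a denied access (`success=no`) is as much part of the trail as a successful one.

```python
import re
from datetime import datetime, timezone

# Constructed sample records in Linux audit (auditd) format. They are not
# taken from any real system; inode, dev, pid and serial values are made up.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.123:42): arch=c000003e syscall=257 success=no exit=-13 ppid=1200 pid=1234 auid=1000 uid=1000 gid=1000 euid=1000 comm="cat" exe="/usr/bin/cat" subj=unconfined_u:unconfined_r:unconfined_t:s0 key="shadow_access"
type=PATH msg=audit(1700000000.123:42): item=0 name="/etc/shadow" inode=1234 dev=fd:00 mode=0100000 ouid=0 ogid=0 objtype=NORMAL
type=SYSCALL msg=audit(1700000005.456:43): arch=c000003e syscall=257 success=yes exit=3 ppid=900 pid=901 auid=1000 uid=0 gid=0 euid=0 comm="vi" exe="/usr/bin/vi" subj=unconfined_u:unconfined_r:unconfined_t:s0 key="sshd_config"
type=PATH msg=audit(1700000005.456:43): item=0 name="/etc/ssh/sshd_config" inode=5678 dev=fd:00 mode=0100600 ouid=0 ogid=0 objtype=NORMAL
"""

# One key=value token; values are either bare or double-quoted.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
# The msg=audit(<epoch seconds>.<millis>:<serial>) stamp shared by all
# records that belong to one event.
_MSG = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')

UNSET_AUID = 4294967295  # auid=-1 as unsigned 32-bit: no login session


def parse_record(line):
    """Split one audit record into its type, event serial, timestamp and fields."""
    m = _MSG.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in _KV.findall(line)}
    return {
        "type": fields.get("type"),
        "serial": int(m.group(2)),
        "when": datetime.fromtimestamp(float(m.group(1)), tz=timezone.utc),
        "fields": fields,
    }


def build_events(log_text):
    """Correlate SYSCALL and PATH records by serial into who/what/when events."""
    events = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        ev = events.setdefault(
            rec["serial"], {"when": rec["when"].isoformat(), "targets": []}
        )
        f = rec["fields"]
        if rec["type"] == "SYSCALL":
            auid = int(f.get("auid", UNSET_AUID))
            uid = int(f.get("uid", -1))
            ev.update({
                "who": auid,            # login user; survives su/sudo
                "acting_uid": uid,      # uid the syscall actually ran as
                "escalated": auid != UNSET_AUID and auid != uid,
                "what": f.get("syscall"),
                "exe": f.get("exe"),
                "key": f.get("key"),    # the audit rule key that matched
                "success": f.get("success") == "yes",
            })
        elif rec["type"] == "PATH":
            ev["targets"].append(f.get("name"))
    return [events[s] for s in sorted(events)]


def denied_or_escalated(events):
    """Events an auditor would read first: a denied access or an identity change."""
    return [e for e in events if not e.get("success", True) or e.get("escalated")]


if __name__ == "__main__":
    for e in build_events(SAMPLE_AUDIT_LOG):
        print(f'{e["when"]} auid={e["who"]} uid={e["acting_uid"]} '
              f'{e["exe"]} syscall={e["what"]} -> {e["targets"]} '
              f'ok={e["success"]} key={e["key"]}')
```

On a real host the same parser can be pointed at /var/log/audit/audit.log, provided audit rules with `-k` keys are in place for the files that matter; without those rules there is nothing for “Why?” to attach to.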
Pretty good, but you are missing one of the main buzzwords that SELinux was designed to achieve, IA (Information Assurance)[1].
SELinux is a form of MAC (Mandatory Access Control)[2] that provides IA. A simpler version of MAC such as SMACK or AppArmor can’t do IA by design. The pathname isn’t enough information to do proper IA flow.
This is a good article though.
[1] http://en.wikipedia.org/wiki/Information_assurance
[2] http://en.wikipedia.org/wiki/Information_assurance
security should be simple. that is why the user+group works better than a full blown acl (yes, i know acls are really needed in some cases).
security should also be minimal, define only the things needed and deny everything else.
if you keep your eye on those 2 rules there should be almost no problems. but security is usually a pain in the ass, that’s why windows has the “everyone is admin by default”.
We’ve seen SELINUX systems where people simply get to the point that it doesn’t work; As a measure, the SELINUX stuff is disabled. This is where AppArmor comes to mind. It’s easier, configs are readable for most people.
I am not arguing about SELINUX vs whatever. Just a point that’s backed by real life.