Hello, Has anyone here implemented RSBAC access control in a 9+ suse/opensuse release? I am looking at testing RSBAC within suse and was wanting to know other end-user(s) experiences. I am sure that kernel patches must be altered to apply cleanly to suse kernels. And the init system within suse is a little different than most distributions, so the application of security policies for system initialization(as well as login) will need some work for sure. No rpm's of dialog or user-manager are available according to google. So this leads me to believe that not very many suse/opensuse end-users implement and/or develop fine-grained access control models. Hopefully this is incorrect. Thanks. Thomas R. Jones
Thomas Jones wrote:
Hello,
Has anyone here implemented RSBAC access control in a 9+ suse/opensuse release? I am looking at testing RSBAC within suse and was wanting to know other end-user(s) experiences.
I am sure that kernel patches must be altered to apply cleanly to suse kernels. And the init system within suse is a little different than most distributions, so the application of security policies for system initialization(as well as login) will need some work for sure.
No rpm's of dialog or user-manager are available according to google. So this leads me to believe that not very many suse/opensuse end-users implement and/or develop fine-grained access control models. Hopefully this is incorrect.
I don't know anyone who does, personally. For the vast majority of users, it's actually likely to cause things to be less secure, since access controls are, more often than not, a pain in the ass to set up and maintain. This leads to lapses. What do you need RSBAC for? SuSE 10.1 comes standard with AppArmor, which is a pretty nifty system to keep server processes under control. However, it won't stop a rogue user. If that's what you're worried about, RSBAC or SELinux are what you want. It's been my experience that very few systems these days offer shell accounts, so the vast majority of systems are more interested in locking down their server processes to prevent intrusion in the first place. I don't believe there is a standard kit for RSBAC applied to SuSE, but I recall one being done for SELinux. If you're going to create a SuSE system with RSBAC, keep in mind that it might not react well to LSM (Linux Security Module) in SuSE's kernels. AppArmor and SELinux both hook to LSM, but I'm pretty sure RSBAC wrote their own system.
On 8/28/06, suse@rio.vg <suse@rio.vg> wrote:
I don't know anyone who does, personally. For the vast majority of users, it's actually likely to cause things to be less secure, since access controls are, more often than not, a pain in the ass to set up and maintain. This leads to lapses.
I am working on a personal project to build a custom security assessment/auditing distribution based on suse for the Institute for Security and Open Methodologies(ISECOM). Exploits and auditing resources are already introduced. It's time to start securing the system to ensure data and/or object integrity and confidentiality are not compromised due to local and/or remote subject access. I would like to obtain equivalent EAL4+ functionality, as well as close to B1 as possible.
What do you need RSBAC for? SuSE 10.1 comes standard with AppArmor, which is a pretty nifty system to keep server processes under control. However, it won't stop a rogue user. If that's what you're worried about, RSBAC or SELinux are what you want.
I am looking for a finer-grained control of subjects than is provided with AppArmor. Not to mention that AppArmor provides for access control at the application level and does not take into account other subjects such as individual processes, and the the root account. With RSBAC I can construct a system that can be implemented in a great multitude of access control models such as LaPadula, TPE and Role Compatability,. Plus a correct implementation of a security officer --- thus negating "root" exploits that may render a normal system compromised.
It's been my experience that very few systems these days offer shell accounts, so the vast majority of systems are more interested in locking down their server processes to prevent intrusion in the first place.
I don't believe there is a standard kit for RSBAC applied to SuSE, but I recall one being done for SELinux. If you're going to create a SuSE system with RSBAC, keep in mind that it might not react well to LSM (Linux Security Module) in SuSE's kernels. AppArmor and SELinux both hook to LSM, but I'm pretty sure RSBAC wrote their own system.
Yeah -- i figured some finagling(spelling?) with the hooks would be needed. Even though LSM provides for decision module "stacking"; it may prove to be troublesome. I have decided to provide for a multitude of kernels to accomodate the different access control frameworks. I may need to just go with a patched vanilla kernel for all frameworks. I'll have to look at the pros and cons of both.
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Thomas Jones wrote:
On 8/28/06, suse@rio.vg <suse@rio.vg> wrote:
I don't know anyone who does, personally. For the vast majority of users, it's actually likely to cause things to be less secure, since access controls are, more often than not, a pain in the ass to set up and maintain. This leads to lapses.
I am working on a personal project to build a custom security assessment/auditing distribution based on suse for the Institute for Security and Open Methodologies(ISECOM). Exploits and auditing resources are already introduced. It's time to start securing the system to ensure data and/or object integrity and confidentiality are not compromised due to local and/or remote subject access.
I would like to obtain equivalent EAL4+ functionality, as well as close to B1 as possible.
What do you need RSBAC for? SuSE 10.1 comes standard with AppArmor, which is a pretty nifty system to keep server processes under control. However, it won't stop a rogue user. If that's what you're worried about, RSBAC or SELinux are what you want.
I am looking for a finer-grained control of subjects than is provided with AppArmor. Not to mention that AppArmor provides for access control at the application level and does not take into account other subjects such as individual processes, and the the root account.
With RSBAC I can construct a system that can be implemented in a great multitude of access control models such as LaPadula, TPE and Role Compatability,. Plus a correct implementation of a security officer --- thus negating "root" exploits that may render a normal system compromised.
You're definitely looking at RSBAC for the right reasons. I just mention the downsides as many people, including myself at one time, looked at SELinux, for instance, thinking I'd make my system ultra-secure. It was overkill, and I learned my lesson. :)
It's been my experience that very few systems these days offer shell accounts, so the vast majority of systems are more interested in locking down their server processes to prevent intrusion in the first place.
I don't believe there is a standard kit for RSBAC applied to SuSE, but I recall one being done for SELinux. If you're going to create a SuSE system with RSBAC, keep in mind that it might not react well to LSM (Linux Security Module) in SuSE's kernels. AppArmor and SELinux both hook to LSM, but I'm pretty sure RSBAC wrote their own system.
Yeah -- i figured some finagling(spelling?) with the hooks would be needed. Even though LSM provides for decision module "stacking"; it may prove to be troublesome.
I have decided to provide for a multitude of kernels to accomodate the different access control frameworks. I may need to just go with a patched vanilla kernel for all frameworks. I'll have to look at the pros and cons of both.
Indeed, it's likely going to be a fair amount of work. You might want to start with SuSE's kernel and cloneconfig, then start modifying it, so it's not TOO far from what's already on SuSE. You could just remove the LSM/AppArmor from the config and start patching from there. You might also want to see if SELinux provides what you want, since there are 3rd party SELinux patches for SuSE already done. It could save you some work, if it provides what you want. Beyond that, I can't provide much help. Setting up serious user-level security can be tricky business, and attention to detail is where it counts. Good luck, and let us know how it goes...
Thomas Jones said:
Has anyone here implemented RSBAC access control in a 9+ suse/opensuse release? I am looking at testing RSBAC within suse and was wanting to know other end-user(s) experiences.
I've not heard of any successful attempt to use RSBAC with Suse. Do you need to use Suse? There are other distributions that are better prepared for RSBAC. You might want to try Adamantix (http://www.adamantix.org/) or Hardened Gentoo (http://www.gentoo.org/proj/en/hardened/). -- Michel Messerschmidt, lists@michel-messerschmidt.de $ rpm -q --whatrequires linux no package requires linux
participants (3)
-
Michel Messerschmidt -
suse@rio.vg -
Thomas Jones