Linux admin notes - security enhanced linux


This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)

Approaches to access control

Things in the area you may wish to look at: SELinux, Tomoyo, AppArmor, Smack, Grsec, and some more specific things like Trusted Solaris.

Also consider that sometimes other forms of isolation, such as OS containers, are implicitly also access control.


For context:

  • DAC: discretionary access control
      - discretionary in that the access to an object is at the discretion of the object's owner
  • MAC: mandatory access control
      - the system, not the users, decides access between objects
      - objects are labeled
      - rules decide what labels can interact, and how
      - sort of imitates security agency / military style, and can be modeled off it if you want
  • RBAC: role-based access control
      - more abstract - mainly just focuses on roles, with optional thought towards inheritance, processes, etc.
      - could be used as the basis to implement DAC as well as MAC


It seems that

  • SELinux is RBAC & MAC (for files on top of the existing DAC system)
  • AppArmor is DAC & MAC
  • ...
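
A simplified model of the DAC/MAC distinction described above, and of MAC layered on top of the existing DAC checks. It is an added illustration, not part of the original notes and not how SELinux is actually implemented. The labels (web_t, web_content_t, secret_t, admin_t), the policy table and the uids are constructed for the example, and group permission bits are left out.

```python
# Simplified model (constructed): DAC first, then default-deny MAC over labels.
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    uid: int
    domain: str          # MAC label of the subject (hypothetical names)

@dataclass
class File:
    owner: int
    mode: int            # classic owner/other bits, e.g. 0o604 (group omitted)
    label: str           # MAC label of the object

PERM_BIT = {"read": 4, "write": 2}

# MAC rules: (subject label, object label) -> permitted operations.
# Anything not listed is denied; file owners cannot change this table.
MAC_POLICY = {
    ("web_t", "web_content_t"): {"read"},
    ("admin_t", "web_content_t"): {"read", "write"},
    ("admin_t", "secret_t"): {"read"},
}

def dac_allows(proc, f, op):
    shift = 6 if proc.uid == f.owner else 0
    return proc.uid == 0 or bool((f.mode >> shift) & PERM_BIT[op])  # root overrides DAC

def mac_allows(proc, f, op):
    return op in MAC_POLICY.get((proc.domain, f.label), set())

def access(proc, f, op):
    """Return (allowed, reason); both layers must agree."""
    if not dac_allows(proc, f, op):
        return False, "denied by DAC"
    if not mac_allows(proc, f, op):
        return False, "denied by MAC"
    return True, "allowed"

def chmod(proc, f, mode):      # discretionary: the owner (or root) decides
    if proc.uid not in (0, f.owner):
        raise PermissionError("not owner")
    f.mode = mode

if __name__ == "__main__":
    secret = File(owner=1000, mode=0o600, label="secret_t")
    chmod(Process(1000, "admin_t"), secret, 0o604)       # owner opens it up
    print(access(Process(33, "web_t"), secret, "read"))  # MAC still decides
```

The owner can loosen the mode bits at will, and uid 0 skips the DAC check entirely, but neither changes the outcome of the label rules.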

SELinux

Some description

Status

See also: