Friday, July 11, 2008

Book Review: SELinux by Example

SELinux is a project started and actively maintained by the U.S. Department of Defense to provide a mandatory access control (MAC) mechanism in Linux. It had been a long-standing grouse of Linux power users and system administrators that Linux lacked fine-grained access control over its running processes as well as its files. While Solaris touts its famous RBAC and Microsoft Windows has its own way of granting finer rights to its resources, Linux had to put up with the simple but crude user rights known in tech speak as discretionary access control (DAC) to control user access to files. But with the SELinux project making great strides and now being bundled with many major Linux distributions, it is possible to effectively lock down a Linux system through judicious use of SELinux policies. SELinux implements a more flexible form of MAC called type enforcement, plus an optional form of multilevel security.

The book "SELinux by Example" is authored by three people - Frank Mayer, Karl Macmillan and David Caplan - and is published by Prentice Hall. The target audience is SELinux policy writers and system administrators, with more of the content aimed at policy writers. There are a total of 14 chapters and 4 appendices spread over just over 400 pages. The 14 chapters are broadly divided into three parts: the first part contains chapters that give an overview of SELinux, its background and the concepts behind it. The second part contains 7 chapters which are most useful for SELinux policy writers, with detailed explanations of the syntax used in writing policy files. It is the third part, "Creating and Writing SELinux Security Policies", that system administrators could put to most use, as there the authors provide enough detail on working with SELinux day to day.

In the second chapter, the authors introduce the concept of type enforcement access control, an understanding of which is imperative to one's knowledge of SELinux. They then discuss the concepts of roles and multilevel security. And true to the title of the book, all these concepts are explained by analyzing the security controls of the ubiquitous passwd program.

In the succeeding chapter the authors explain the underlying architecture of SELinux: more specifically, how SELinux integrates with the Linux kernel via the Linux Security Module (LSM) framework, how the policy source files are organized, and how to build and install policies.

SELinux policies to a large extent are based on object classes. An object class has a set of permissions associated with it, and all objects belonging to that class share the same set of permissions. In the fourth chapter, one gets to know about the different object classes and the permissions that can be assigned to them. A total of 40 classes and 48 permissions are discussed in this chapter.

The next chapter, titled "Type Enforcement", goes into a detailed analysis of all the types and attributes as well as the rules that can be used. The majority of an SELinux policy is a set of statements and rules that collectively define the type enforcement policy. Going through the chapter, I was able to get a fair idea of the syntax used in writing TE policies.

Keeping in mind the complexity of the subject, it helps a great deal that at the end of each chapter there is a summary section where the authors list the important points covered in the chapter. Moreover, one gets to answer a couple of questions and check one's knowledge of the topic being discussed.

In the 6th chapter, the authors explain in detail the concept of roles and their relationship to the rest of SELinux. In fact, what I really like about this book is that each concept of SELinux is given a chapter of its own. For instance, constraints, multilevel security, type enforcement, conditional policies and so on are all explained in chapters of their own.

One thing worth noting is that Fedora Core 4 and RHEL 4 and above ship with the targeted policy by default, whereas to completely lock down a Linux machine you need to embrace the strict SELinux policy. But the strict policy has the side effect of breaking some existing Linux applications which expect looser security controls. In the targeted policy, the more confining rules are focused on a subset of network applications that are likely to be attacked, so in most cases one can manage with the targeted policy. This book mostly deals with the strict policy, and in chapter 11 the authors dissect the strict example policy maintained and updated via the NSA and Fedora Core mailing lists.

There is also another policy, called the Reference Policy, which is an attempt to water down the strict policy maintained by the NSA and in the process make it easier to use, understand and maintain, as well as more modular; this is covered in the succeeding chapter, titled "Reference Policy".

The chapter titled "Managing an SELinux System" is one which system administrators will relate to; here the authors throw light on the hierarchy of SELinux configuration files, explaining the purpose of each file in simple terms. And since SELinux comes bundled with a rich set of tools meant for system administrators, one gets to know the usage of some of them and also learns about the common problems administrators face while running an SELinux system.

In the last chapter of the book, the 14th, one is introduced to the task of writing policy modules. Here the authors hand-hold the reader through the creation of a policy module for the IRC daemon on Fedora Core 4 from start to finish: from the planning stage, through writing and applying the policy module, to the final testing of the module.
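As an added illustration of what the object classes, permissions, types, rules, roles and domain transitions described in the chapters above look like once they are put into a loadable policy module, here is a small module written in the style the review attributes to chapter 14. It is not from the book or from any distribution's policy: the program name mypasswd, its types mypasswd_t and mypasswd_exec_t and the shadow_writer attribute are assumed, and the permission sets are illustrative rather than the exact ones the real passwd program needs.

```selinux
# Added example, not from "SELinux by Example" or any shipped policy.
# Confines a hypothetical password-changing program, mypasswd, in a domain
# of its own so that only that domain (not an ordinary user shell) may
# write the shadow file. All mypasswd_* names and shadow_writer are assumed.
module mypasswd 1.0;

require {
	# Types, roles and classes that the base policy already defines and
	# this module merely refers to (shadow_t is the label of /etc/shadow).
	type user_t, shadow_t, etc_t;
	role user_r;
	class file { read write create getattr setattr open unlink link rename execute entrypoint };
	class dir { search getattr read write add_name remove_name };
	class process { transition sigchld };
	class fd use;
}

# Types and an attribute (chapter 5). Declaring them here, rather than in
# the require block, means this module owns them.
type mypasswd_t;                        # domain of the running program
type mypasswd_exec_t;                   # type of the program's executable
attribute shadow_writer;                # assumed attribute: domains that may edit the shadow file
typeattribute mypasswd_t shadow_writer;

# Roles (chapter 6): the ordinary user role is allowed to hold the new domain.
role user_r types mypasswd_t;

# Access vector rules (chapters 4 and 5): source type, target type, object
# class and the permissions granted. Anything not listed is denied.
allow shadow_writer shadow_t : file { read write create getattr setattr open unlink link rename };
allow mypasswd_t etc_t : dir { search getattr read write add_name remove_name };  # write a new file and rename it over the old one
allow mypasswd_t etc_t : file { read getattr open };

# Domain transition (the passwd analysis from chapter 2 is the model here):
# a process in user_t executes the mypasswd_exec_t binary and the new
# process runs in mypasswd_t instead of inheriting user_t.
allow user_t mypasswd_exec_t : file { getattr read execute open };
allow mypasswd_t mypasswd_exec_t : file entrypoint;   # only this binary may enter the domain
allow user_t mypasswd_t : process transition;
allow mypasswd_t user_t : process sigchld;           # let the parent shell be told when it exits
allow mypasswd_t user_t : fd use;                    # inherit the shell's stdin/stdout
type_transition user_t mypasswd_exec_t : process mypasswd_t;
```

A matching mypasswd.fc file would label the binary mypasswd_exec_t; the module is then compiled and loaded with checkmodule -M -m -o mypasswd.mod mypasswd.te, semodule_package -o mypasswd.pp -m mypasswd.mod -f mypasswd.fc and semodule -i mypasswd.pp. A real password utility also needs capability permissions (setuid and friends) that are left out here, which is exactly the kind of gap the denials in the audit log reveal during the write, apply and test loop the review describes for chapter 14.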

This book also includes 4 appendices which contain a wealth of knowledge on SELinux. I especially liked appendix C, which lists all the object classes and permissions, and appendix D, which has a list of SELinux system tools and third-party utilities with explanations.

It could be just me, but I found that I was better able to assimilate what the authors explained when I read the 13th chapter first and then went back to read from the 4th chapter onwards. Having said that, I find this book to be an excellent resource for people interested in developing SELinux policies and, to a lesser extent, a resource for system administrators. At the very least, this book imparts a deep understanding of the features, structure and working of SELinux.

Book Specifications
Name : SELinux by Example
ISBN No : 0-13-196369-4
Authors : Frank Mayer, Karl Macmillan and David Caplan
Number of Pages : 430
Publisher : Prentice Hall
Price : Check the latest price at Amazon.com
Rating : A very informative resource ideal for SELinux policy writers, Linux/Unix integrators and to a lesser extent to System Administrators.
