
Hands-on SELinux: A Practical Introduction Security Training Course



  1. Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012

  2. 03/12 cja 2012 2


  4. Introduction
  • Welcome to the course!
  • Instructor:
     Dr. Charles J. Antonelli
      Research Systems Group
      LSA Information Technology
      The University of Michigan
      cja@umich.edu, 734 926 8421

  5. Logistics
  • Class
     Thursdays 6-9 PM (connect from 5:30 on)
  • Breaks
     About once an hour (idea: get up, move around)
  • Instruction
     AT&T Connect remote experience
     Please use the feedback icons
     Lecture, Demonstration, Experiments
  • Lab
     Linux Fedora lab environment via VMware Player
  • Listserv
     selsec2012@umich.edu

  6. Prerequisites
  • Nice to have
     Familiarity with Linux architecture & tools
     Familiarity with popular Linux applications
     Working knowledge of network apps
     Some system administration experience
     Familiarity with white- and black-hat tools
     Open source mindset

  7. Take-Aways
  • Understand SELinux architecture
  • Install and configure SELinux
  • Interpret SELinux log records
  • Use SELinux permissive domains and Booleans to adjust SELinux policies
  • Create and modify SELinux policies for your applications
  • A healthy paranoia

  8. Meet the instructor
  • R&D(&S) in cyberinfrastructure, security, and networking
  • Systems research & development
     Large-scale real-time parallel data acquisition & assimilation
     Be Aware You’re Uploading
     Advanced packet vault
     SeRIF secure remote invocation framework
  • Teaching
     HPC 101, 201 Basic & Advanced Cluster Computing
     Linux Platform Security, Hands-on Network Security, Introduction to SELinux
     ITS 101 Theory and Practice of Campus Computer Security
     SI 630 Security in the Digital World, SI 572 Database Applications Programming
     EECS 280 C++ Programming, 482 Operating Systems, 489 Computer Networks; ENGR 101 Programming and Algorithms

  9. Meet the class – Poll
  Level of Linux Experience:
     1. Novice
     2. Experienced
     3. Expert

  10. Poll
  SELinux status on machines you administer:
     1. Enforcing, and I write my own policies
     2. Enforcing, and I use permissive domains, Booleans, or audit2allow
     3. Permissive
     4. Disabled
     5. Don’t know
     6. What? You can change that?

  11. Roadmap
  • Day 1:
     Why SELinux?
     Overview of SELinux
     Using SELinux
     SELinux Permissive Domains
  • Day 2:
     SELinux Booleans
     SELinux audit2allow
     SELinux Policy Theory
     SELinux Policy Praxis

  12. Why SELinux?

  13. Why SELinux?
  • Discretionary access control
     $ ls -l /etc/passwd /etc/shadow
      -rw-r--r--. 1 root root 2174 2010-05-25 11:19 /etc/passwd
      -rw-r--r--. 1 root root 1459 2010-05-25 11:19 /etc/shadow
     $ ls -la ~/bin
      total 52
      drwxrwxrwx.  2 cja cja  4096 2010-05-18 18:22 .
      drwx--x--x. 39 cja cja  4096 2010-05-25 20:41 ..
      -rwx--x--x.  1 cja cja  7343 2010-05-18 18:22 ccd
      -rwx--x--x.  1 cja cja  7423 2010-05-18 18:22 ctime
      -rwx--x--x.  1 cja cja 11656 2010-05-18 18:22 ctp
      -rwx--x--x.  1 cja cja  7423 2010-05-18 18:22 tbd
      -rwx--x--x.  1 cja cja  7109 2010-05-18 18:22 titleb
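The ~/bin listing above is drwxrwxrwx: under DAC alone any local user can replace the binaries in it. As an added example (not from the slides), this C check walks a PATH-style list and flags world-writable directories; the demo function builds its own constructed temp directories so it runs offline, and the directory names and function names are assumptions of the example.

```c
/* Added example: audit a colon-separated directory list for the DAC
 * weakness shown by the drwxrwxrwx ~/bin listing. Assumes a POSIX system. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path is a directory any user may write into, 0 if not, -1 on stat error. */
int dir_world_writable(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))
        return 0;
    /* A sticky-bit directory (like /tmp) stops users deleting each other's
     * files, so it is not counted here; plain 0777 is. */
    return ((st.st_mode & S_IWOTH) && !(st.st_mode & S_ISVTX)) ? 1 : 0;
}

/* Return how many entries of the list are world-writable; print each one. */
int count_world_writable(const char *path_list)
{
    char *copy = strdup(path_list);      /* strtok() modifies its input */
    int hits = 0;
    for (char *p = strtok(copy, ":"); p != NULL; p = strtok(NULL, ":"))
        if (dir_world_writable(p) == 1) {
            printf("world-writable directory on PATH: %s\n", p);
            hits++;
        }
    free(copy);
    return hits;
}

/* Constructed demo: one 0755 and one 0777 directory under a temp root.
 * Returns the number of flagged entries (expected 1) and cleans up. */
int demo_path_check(void)
{
    char root[] = "/tmp/selpathXXXXXX";   /* hypothetical temp location */
    if (mkdtemp(root) == NULL)
        return -1;
    char good[64], bad[64], list[160];
    snprintf(good, sizeof good, "%s/good", root);
    snprintf(bad, sizeof bad, "%s/bad", root);
    mkdir(good, 0755);
    mkdir(bad, 0777);
    chmod(bad, 0777);                     /* umask may have stripped the bits */
    snprintf(list, sizeof list, "%s:%s", good, bad);
    int hits = count_world_writable(list);
    rmdir(bad); rmdir(good); rmdir(root);
    return hits;
}
```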

  14. Why SELinux?
  • Buffer overflows
     Jan 02 16:19:45 host.example.com rpc.statd[351]: gethostbyname error for [overflow payload: a run of raw bytes, omitted here]

  15. Why SELinux?
  [Figure 17. Prevalence of malicious code types by potential infections, 2007–2010. Source: Symantec Internet Security Threat Report, Vol. 16, April 2011]

  16. Linux Architecture
  [Diagram: user processes above the kernel; kernel components shown: NFS, Memory Manager, Security, RPC/XDR, VFS, Scheduler, TCP/IP, UFS, Communication, Drivers]

  17. Linux Architecture
  • Creating a process
     Two intertwined system calls
     A parent process calls fork()
     Creates a child process
      » An exact copy of the parent
      » Including uid, open files, devices, network connections
     The child process calls exec(executable)
     Overlays itself with the named executable
      » Retains uid, open files, devices, network connections

  18. Linux Architecture
  • Creating trouble
     exec() may be called without fork()
     Useful paradigm
     tcpd execs the wrapped application after validation
     So what happens if a process calls exec("/bin/sh")?
     Process becomes a command shell
     Running with the overlaid process's credentials
      » If the process was running as root, so is the shell
     Connected to the same network connections
      » If the process was connected to your keyboard, so is the shell
      » If the process was connected to a client, so is the shell

  19. Smashing the stack Part I
  • A calling function will write its return address into a memory data structure called the stack
  • When the called function is finished, the processor will jump to whatever address is stored in the stack
  • Suppose “Local Variable 1” is an array of integers of some fixed size
  • Suppose our called function doesn’t check boundary conditions properly and writes values past the end of the array
     The first value beyond the end of the array overwrites the stack
     The second value overwrites the return address on the stack
  • When the called function returns, the processor jumps to the overwritten address

  20.–24. Smashing the stack
  [Five stack-frame diagrams. Virtual addresses run from 0xFFFFFFFF at the top down to 0x00000000 at the bottom; RA, FP and SP label the return address, saved frame pointer and stack pointer slots. Each column shows one slide, with overwritten slots marked “Value”.]

  Frame slot (label)     Slide 20          Slide 21          Slide 22          Slide 23          Slide 24
  … (higher addresses)   …                 …                 …                 …                 …
  Parameter 3            Parameter 3       Parameter 3       Parameter 3       Parameter 3       Parameter 3
  Parameter 2            Parameter 2       Parameter 2       Parameter 2       Parameter 2       Parameter 2
  Parameter 1            Parameter 1       Parameter 1       Parameter 1       Parameter 1       Value …
  Return Address (RA)    Return Address    Return Address    Return Address    Value             Value
  Saved FP (FP)          Saved FP          Saved FP          Value             Value             Value
  Local Variable 1       Local Variable 1  Value             Value             Value             Value
  Local Variable 2 (SP)  Local Variable 2  Local Variable 2  Local Variable 2  Local Variable 2  Local Variable 2
  … (lower addresses)    …                 …                 …                 …                 …

  25. Smashing the stack Part II
  • Suppose the attacker has placed malicious code somewhere in memory and overwrites that address on the stack
     Now the attacker has forced your process to execute her code
  • Where to place the code?
     Simplest to put it in the buffer that is being overflowed
  • How to get the code into the buffer?
     Examine the source code
     Look for copy functions that don’t check bounds
      » gets, strcpy, strcat, sprintf, …
     Look for arguments to those functions that are under the attacker’s control and not validated by the victim code
      » Environment variables, format strings, URLs, …
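Slides 19 to 25 describe an unchecked copy into a fixed-size local array. As an added example (not code from the course or its lab tarball), here is that pattern beside a bounds-checked form; the buffer size, function names and inputs are assumptions of the example, and the unsafe function is shown only for contrast with the hardened one.

```c
/* Added example: the unchecked-copy pattern from the slides and its fix.
 * Assumes a 16-byte local buffer laid out below the saved FP and return
 * address as in the slide 20 frame diagram. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Vulnerable pattern (slides 19-25): strcpy() stops at the NUL of arg, not
 * at the end of buf. An argument of 16 bytes or more runs past buf into
 * Local Variable 1's neighbours, the saved FP and the return address. */
int unsafe_copy(const char *arg)
{
    char buf[BUF_SIZE];
    strcpy(buf, arg);                 /* no bounds check: the defect */
    return (int)strlen(buf);
}

/* Hardened form: measure first and refuse anything that will not fit,
 * including the terminating NUL. The caller is told the input was rejected
 * instead of the copy being silently truncated or overflowing. */
int safe_copy(const char *arg)
{
    char buf[BUF_SIZE];
    size_t n = strlen(arg);
    if (n >= sizeof buf)
        return -1;                    /* would overflow: reject */
    memcpy(buf, arg, n + 1);          /* n + 1 copies the NUL too */
    return (int)n;
}

/* Same check applied to an environment variable, one of the attacker-
 * controlled sources listed on slide 25; name is a hypothetical example. */
int copy_env_value(const char *name)
{
    const char *value = getenv(name);
    return value == NULL ? -2 : safe_copy(value);
}
```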

  26. Lab – stopping buffer overflows
     1. Copy selsmash.tgz from Supplemental Information on course web page
         wget http://www-personal.umich.edu/~cja/SEL11/supp/selsmash.tgz
         tar zxf selsmash.tgz
         cd ~/selsmash
         make
         … enter your password when prompted
     2. Run the executable
         What happened?
         Examine the SELinux audit
     3. Change SELinux to permissive mode
         Applications | Other | SELinux management
         … enter root password when prompted
         … may take a while to come up
         Set current enforcing mode to permissive
     4. Rerun the executable
         What happened this time?

  27. Lab – supplemental
  • We’ll be using gdb
     “gdb file” to debug; “info gdb” for manual:
      type cursor motion keys to move cursor
      type page motion keys or “f” to page forward or “b” to page back
      type “p” to return to previous page
      position cursor on topic (line with ::) and type enter to move to new topic
      type “u” to return to previous topic
      type “/”, string, and return to search for string in current topic
      type “q” to quit
  • We’ll examine buffer overflows in detail
     Follow along with instructor
  • Code taken from Shellcoder’s Handbook
     Actually, Aleph One’s 1996 “Smashing the Stack for Fun and Profit” paper
