SecurityModuleAdminTool
|
⇤ ← Revision 1 as of 2007-05-09 21:58:55
Size: 3406
Comment:
|
Size: 3409
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| * '''Launchpad Entry''': UbuntuSpec:SecurityModuleAdminTool | * '''Launchpad Entry''': UbuntuSpec:security-module-admin-tool |
Launchpad Entry: security-module-admin-tool
Packages affected: apparmor-profiles, selinux-policy
See also: AppArmor, SELinux
Summary
This specification defines an administration tool used to setup and apply security profiles to programs.
Rationale
The main security frameworks (SELinux and AppArmor) are in Ubuntu repositories. However, their setup and management are not easy and relies mainly on command line tools.
SELinux is already in the kernel and the utilities are in main. There are a number of profiles installed by default.
AppArmor is not included in the kernel. All the packages are in universe. There are a number of profiles installed by default.
Use Cases
- Alice has installed an ubuntu server to provide file and printer sharing service via samba. She wants to increase the security level of her server.
She opens the security policy manager and applies an AppArmor security policy to the samba service.
- Bob has just installed a LAMP server using the ubuntu alternate cd. He wants to increase the security of his server by using SELinux. He opens the security policy manager and applies a SELinux security policy to the LAMP service.
Scope
It should be made easy to activate and deactivate security profiles for services. It should be possible to update the profile according to the audit logs.
Design
- Provide good profiles
- In order to create a good profile, the target program has to be well tested. That leads to automatic software testing. This is also important for software updates : for each update, the profile has to be checked and potentialy updated if the behaviour of the software has changed.
- Frontend administration tool
- The frontend is used by the end user to enable profiles for program. The frontend should be framework agnostic.
Implementation
Good profiles
The base profiles can be used as a start. Profiles for the following services can be provided :
- ntpd
- named
- samba (smbd, nmbd)
- postfix
- apache from the standard LAMP installation
Administration tool
It is based on the services-admin tool.
- Reporting extension :
- It can be extended with a basic reporting function showing how many policy violation have been reported.
- Profile update :
- The end user can be offered the choice to update the profile according to the generated audit log.
Yast2 provides an administration tool for AppArmor and Fedora has an administration tool for SELinux.
Security module backends
AppArmor requires a manual compilation of the kernel module. The solution is to include AppArmor in the kernel.
Activation of a new profile : restart apparmor :
- /etc/init.d/apparmor restart
[http://outflux.net/blog/archives/2007/04/02/apparmor-now-in-feisty/ AppArmor now in feisty]
- SELinux
SELinux has to be activated on the kernel command line, at the bootloader level. Enabling/disabling it requires rebooting the system.
Activation of a new profile :
Outstanding Issues
the compilation of a module. AppArmor has been posted on the lklm for inclusion in April 2007.
BoF agenda and discussion
SecurityModuleAdminTool (last edited 2008-08-06 16:28:34 by localhost)