SlideShare ist ein Scribd-Unternehmen logo

SELinux for Everyday Users

Als ODP, PDF herunterladen
P
PaulWay

Much has been written on SELinux, and a lot of it seems confusing. It's buzzword heavy, involves locking your computer up, has a strange new set of permissions that are obscure in architecture and silently fails where things used to just work. Why use it? Well, for most people, it's not actually that hard to understand. In this talk, Paul Wayper talks about how to make sense of what SELinux does, and how to keep it out of the way and get on with using your computer. In the process Paul will deal with the background to SELinux, what it's main aims are, and why you really do want it turned on.

Technologie
1 von 66
SELinux for everyday users
SELinux Don't be afraid!
SELinux – the bad ,[object Object]
SELinux – the bad ,[object Object]
Mandatory Access Control
SELinux – the bad ,[object Object]
Mandatory Access Control
Infested with jargon ,[object Object]
SELinux – the bad ,[object Object]
Mandatory Access Control
Infested with jargon
Breaks systems ,[object Object]
Applications stop working
Can't make it stop
SELinux – the bad ,[object Object]
SELinux – the bad ,[object Object]
Uses Debian
SELinux – the bad ,[object Object]
Uses Debian
Not an everyday user!
SELinux Don't be afraid!
SELinux – the good ,[object Object]
SELinux – the good ,[object Object]
SELinux – the good ,[object Object]
SELinux – the good ,[object Object]
SELinux – the good ,[object Object]
Fedora since Core 2 (2004)
RHEL since version 4 (2005)
SELinux – the good ,[object Object]
Fedora since Core 2 (2004)
RHEL since version 4 (2005)
Debian since Etch (2007)
Ubuntu since Hardy Heron 8.04 (2008)
SELinux How does it work?
SELinux – the basics ,[object Object]
SELinux – the basics ,[object Object]
Packaged security policy
SELinux – the basics ,[object Object]
Packaged security policy
Checks database of rules on syscalls
SELinux – the basics ,[object Object]
Packaged security policy
Checks database of rules on syscalls
Allows or denies based on policy
SELinux What does it really do?
SELinux – what does it do? ,[object Object],tchmilfan : didi! - http://www.flickr.com/photos/tchmilfan/1033216436/
SELinux – what does it do? ,[object Object]
SELinux – what does it do? ,[object Object]
Policies limit what a daemon can access and how.
SELinux – what does it do? ,[object Object]
Policies limit what a daemon can access and how.
Prevents daemon compromise affecting other files.
SELinux – what does it do? ,[object Object]
Policies limit what a daemon can access and how.
Prevents daemon compromise affecting other files / users / ports / etc.
SELinux – what does it do? ,[object Object]
User processes are unaffected
SELinux – what does it do? ,[object Object]
User processes are unaffected ,[object Object]
SELinux – what does it do? ,[object Object]
User processes are unaffected ,[object Object]
Firefox still gets to crash your system
SELinux – what does it do? ,[object Object]
User processes are unaffected ,[object Object]
Firefox still gets to crash your system
New policy being written to help that

Empfohlen

Slug 2009 06 SELinux For Sysadmins
Slug 2009 06 SELinux For SysadminsSlug 2009 06 SELinux For Sysadmins
Slug 2009 06 SELinux For SysadminsPaulWay
 
Introduction To SELinux
Introduction To SELinuxIntroduction To SELinux
Introduction To SELinuxRene Cunningham
 
SELinux Basic Usage
SELinux Basic UsageSELinux Basic Usage
SELinux Basic UsageDmytro Minochkin
 
Selinux
SelinuxSelinux
SelinuxAnkit Raj
 
Linux basics part 1
Linux basics part 1Linux basics part 1
Linux basics part 1Lilesh Pathe
 
Linux System Monitoring
Linux System Monitoring Linux System Monitoring
Linux System Monitoring PriyaTeli
 
MR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinuxMR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinuxFFRI, Inc.
 
Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...
Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...
Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...Edureka!
 

Empfohlen

Slug 2009 06 SELinux For Sysadmins
Slug 2009 06 SELinux For SysadminsSlug 2009 06 SELinux For Sysadmins
Slug 2009 06 SELinux For SysadminsPaulWay
 
Introduction To SELinux
Introduction To SELinuxIntroduction To SELinux
Introduction To SELinuxRene Cunningham
 
SELinux Basic Usage
SELinux Basic UsageSELinux Basic Usage
SELinux Basic UsageDmytro Minochkin
 
Selinux
SelinuxSelinux
SelinuxAnkit Raj
 
Linux basics part 1
Linux basics part 1Linux basics part 1
Linux basics part 1Lilesh Pathe
 
Linux System Monitoring
Linux System Monitoring Linux System Monitoring
Linux System Monitoring PriyaTeli
 
MR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinuxMR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinuxFFRI, Inc.
 
Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...
Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...
Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...Edureka!
 
Linux basic commands
Linux basic commandsLinux basic commands
Linux basic commandsSagar Kumar
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking ExplainedThomas Graf
 
Linux architecture
Linux architectureLinux architecture
Linux architectureICI Bucharest - roTLD
 
Linux security
Linux securityLinux security
Linux securitytrilokchandra prakash
 
企業システムにSELinuxを適用するときの検討事項
企業システムにSELinuxを適用するときの検討事項企業システムにSELinuxを適用するときの検討事項
企業システムにSELinuxを適用するときの検討事項Atsushi Mitsu
 
Introduction to Linux
Introduction to Linux Introduction to Linux
Introduction to Linux Harish R
 
Linux Troubleshooting
Linux TroubleshootingLinux Troubleshooting
Linux TroubleshootingKeith Wright
 
Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction Mohamed Gad
 
Linux Run Level
Linux Run LevelLinux Run Level
Linux Run LevelGaurav Mishra
 
Ninja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersNinja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersChang W. Doh
 
Linux Basic Commands
Linux Basic CommandsLinux Basic Commands
Linux Basic CommandsHanan Nmr
 
Linux command ppt
Linux command pptLinux command ppt
Linux command pptkalyanineve
 
Linux systems - Linux Commands and Shell Scripting
Linux systems - Linux Commands and Shell ScriptingLinux systems - Linux Commands and Shell Scripting
Linux systems - Linux Commands and Shell ScriptingEmertxe Information Technologies Pvt Ltd
 
Linux Hardening
Linux HardeningLinux Hardening
Linux HardeningMichael Boelen
 
Embedded Android : System Development - Part IV
Embedded Android : System Development - Part IVEmbedded Android : System Development - Part IV
Embedded Android : System Development - Part IVEmertxe Information Technologies Pvt Ltd
 
Linux Presentation
Linux PresentationLinux Presentation
Linux Presentationnishantsri
 
Linux basics
Linux basicsLinux basics
Linux basicsSantosh Khadsare
 
Linux fundamentals
Linux fundamentalsLinux fundamentals
Linux fundamentalsRaghu nath
 
そろそろSELinux を有効にしてみませんか?
そろそろSELinux を有効にしてみませんか?そろそろSELinux を有効にしてみませんか?
そろそろSELinux を有効にしてみませんか?Atsushi Mitsu
 
An Introduction to Linux
An Introduction to LinuxAn Introduction to Linux
An Introduction to Linuxanandvaidya
 
Ubuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security FeaturesUbuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security FeaturesDustin Kirkland
 
SELinux basics
SELinux basicsSELinux basics
SELinux basicsLubomir Rintel
 

Weitere ähnliche Inhalte

Was ist angesagt?

Linux basic commands
Linux basic commandsLinux basic commands
Linux basic commandsSagar Kumar
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking ExplainedThomas Graf
 
企業システムにSELinuxを適用するときの検討事項
企業システムにSELinuxを適用するときの検討事項企業システムにSELinuxを適用するときの検討事項
企業システムにSELinuxを適用するときの検討事項Atsushi Mitsu
 
Introduction to Linux
Introduction to Linux Introduction to Linux
Introduction to Linux Harish R
 
Linux Troubleshooting
Linux TroubleshootingLinux Troubleshooting
Linux TroubleshootingKeith Wright
 
Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction Mohamed Gad
 
Ninja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersNinja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersChang W. Doh
 
Linux Basic Commands
Linux Basic CommandsLinux Basic Commands
Linux Basic CommandsHanan Nmr
 
Linux command ppt
Linux command pptLinux command ppt
Linux command pptkalyanineve
 
Linux Presentation
Linux PresentationLinux Presentation
Linux Presentationnishantsri
 
Linux fundamentals
Linux fundamentalsLinux fundamentals
Linux fundamentalsRaghu nath
 
そろそろSELinux を有効にしてみませんか?
そろそろSELinux を有効にしてみませんか?そろそろSELinux を有効にしてみませんか?
そろそろSELinux を有効にしてみませんか?Atsushi Mitsu
 
An Introduction to Linux
An Introduction to LinuxAn Introduction to Linux
An Introduction to Linuxanandvaidya
 

Was ist angesagt? (20)

Linux basic commands
Linux basic commandsLinux basic commands
Linux basic commands
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
 
Linux architecture
Linux architectureLinux architecture
Linux architecture
 
Linux security
Linux securityLinux security
Linux security
 
企業システムにSELinuxを適用するときの検討事項
企業システムにSELinuxを適用するときの検討事項企業システムにSELinuxを適用するときの検討事項
企業システムにSELinuxを適用するときの検討事項
 
Introduction to Linux
Introduction to Linux Introduction to Linux
Introduction to Linux
 
Linux Troubleshooting
Linux TroubleshootingLinux Troubleshooting
Linux Troubleshooting
 
Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction
 
Linux Run Level
Linux Run LevelLinux Run Level
Linux Run Level
 
Ninja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersNinja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for Beginners
 
Linux Basic Commands
Linux Basic CommandsLinux Basic Commands
Linux Basic Commands
 
Linux command ppt
Linux command pptLinux command ppt
Linux command ppt
 
Linux systems - Linux Commands and Shell Scripting
Linux systems - Linux Commands and Shell ScriptingLinux systems - Linux Commands and Shell Scripting
Linux systems - Linux Commands and Shell Scripting
 
Linux Hardening
Linux HardeningLinux Hardening
Linux Hardening
 
Embedded Android : System Development - Part IV
Embedded Android : System Development - Part IVEmbedded Android : System Development - Part IV
Embedded Android : System Development - Part IV
 
Linux Presentation
Linux PresentationLinux Presentation
Linux Presentation
 
Linux basics
Linux basicsLinux basics
Linux basics
 
Linux fundamentals
Linux fundamentalsLinux fundamentals
Linux fundamentals
 
そろそろSELinux を有効にしてみませんか?
そろそろSELinux を有効にしてみませんか?そろそろSELinux を有効にしてみませんか?
そろそろSELinux を有効にしてみませんか?
 
An Introduction to Linux
An Introduction to LinuxAn Introduction to Linux
An Introduction to Linux
 

Andere mochten auch

Ubuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security FeaturesUbuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security FeaturesDustin Kirkland
 
Supply Chain som Værdiskaber - Associate Professor Kim Sundtoft Hald
Supply Chain som Værdiskaber - Associate Professor Kim Sundtoft HaldSupply Chain som Værdiskaber - Associate Professor Kim Sundtoft Hald
Supply Chain som Værdiskaber - Associate Professor Kim Sundtoft HaldCBS Competitiveness Platform
 
46 customizing se linux policy
46 customizing se linux policy46 customizing se linux policy
46 customizing se linux policyAprende Viendo
 
Ubuntu an absolute beginners guide
Ubuntu an absolute beginners guideUbuntu an absolute beginners guide
Ubuntu an absolute beginners guideCOMSATS
 
Linux training
Linux trainingLinux training
Linux trainingartisriva
 
Linux Based Network Proposal
Linux Based Network ProposalLinux Based Network Proposal
Linux Based Network ProposalChris Riccio
 
Linux conf-admin
Linux conf-adminLinux conf-admin
Linux conf-adminbadamisri
 
CLUG 2010 09 - systemd - the new init system
CLUG 2010 09 - systemd - the new init systemCLUG 2010 09 - systemd - the new init system
CLUG 2010 09 - systemd - the new init systemPaulWay
 
Operating system enhancements to prevent misuse of systems
Operating system enhancements to prevent misuse of systemsOperating system enhancements to prevent misuse of systems
Operating system enhancements to prevent misuse of systemsDayal Dilli
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksjayussuryawan
 
Linux apache installation
Linux apache installationLinux apache installation
Linux apache installationDima Gomaa
 
ISCSI server configuration
ISCSI server configurationISCSI server configuration
ISCSI server configurationThamizharasan P
 
Nagios Conference 2013 - David Stern - The Nagios Light Bar
Nagios Conference 2013 - David Stern - The Nagios Light BarNagios Conference 2013 - David Stern - The Nagios Light Bar
Nagios Conference 2013 - David Stern - The Nagios Light BarNagios
 
Apache server configuration
Apache server configurationApache server configuration
Apache server configurationThamizharasan P
 
DNS server configurationDns server configuration
DNS server configurationDns server configurationDNS server configurationDns server configuration
DNS server configurationDns server configurationThamizharasan P
 
Network configuration in Linux
Network configuration in LinuxNetwork configuration in Linux
Network configuration in LinuxMohammed Yazdani
 
Webmin configuration in Linux
Webmin configuration in LinuxWebmin configuration in Linux
Webmin configuration in LinuxThamizharasan P
 

Andere mochten auch (20)

Ubuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security FeaturesUbuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security Features
 
SELinux basics
SELinux basicsSELinux basics
SELinux basics
 
Supply Chain som Værdiskaber - Associate Professor Kim Sundtoft Hald
Supply Chain som Værdiskaber - Associate Professor Kim Sundtoft HaldSupply Chain som Værdiskaber - Associate Professor Kim Sundtoft Hald
Supply Chain som Værdiskaber - Associate Professor Kim Sundtoft Hald
 
46 customizing se linux policy
46 customizing se linux policy46 customizing se linux policy
46 customizing se linux policy
 
Ubuntu an absolute beginners guide
Ubuntu an absolute beginners guideUbuntu an absolute beginners guide
Ubuntu an absolute beginners guide
 
Linux training
Linux trainingLinux training
Linux training
 
Linux Based Network Proposal
Linux Based Network ProposalLinux Based Network Proposal
Linux Based Network Proposal
 
Introduction to SELinux Part-I
Introduction to SELinux Part-IIntroduction to SELinux Part-I
Introduction to SELinux Part-I
 
Linux conf-admin
Linux conf-adminLinux conf-admin
Linux conf-admin
 
CLUG 2010 09 - systemd - the new init system
CLUG 2010 09 - systemd - the new init systemCLUG 2010 09 - systemd - the new init system
CLUG 2010 09 - systemd - the new init system
 
Operating system enhancements to prevent misuse of systems
Operating system enhancements to prevent misuse of systemsOperating system enhancements to prevent misuse of systems
Operating system enhancements to prevent misuse of systems
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networks
 
Linux apache installation
Linux apache installationLinux apache installation
Linux apache installation
 
ISCSI server configuration
ISCSI server configurationISCSI server configuration
ISCSI server configuration
 
Nagios Conference 2013 - David Stern - The Nagios Light Bar
Nagios Conference 2013 - David Stern - The Nagios Light BarNagios Conference 2013 - David Stern - The Nagios Light Bar
Nagios Conference 2013 - David Stern - The Nagios Light Bar
 
OS Security 2009
OS Security 2009OS Security 2009
OS Security 2009
 
Apache server configuration
Apache server configurationApache server configuration
Apache server configuration
 
DNS server configurationDns server configuration
DNS server configurationDns server configurationDNS server configurationDns server configuration
DNS server configurationDns server configuration
 
Network configuration in Linux
Network configuration in LinuxNetwork configuration in Linux
Network configuration in Linux
 
Webmin configuration in Linux
Webmin configuration in LinuxWebmin configuration in Linux
Webmin configuration in Linux
 

Ähnlich wie SELinux for Everyday Users

SELinux_@gnu_group_meetup
SELinux_@gnu_group_meetupSELinux_@gnu_group_meetup
SELinux_@gnu_group_meetupJayant Chutke
 
selinuxbasicusage.pptx
selinuxbasicusage.pptxselinuxbasicusage.pptx
selinuxbasicusage.pptxPandiya Rajan
 
How to Audit Linux - Gene Kartavtsev, ISACA MN
How to Audit Linux - Gene Kartavtsev, ISACA MNHow to Audit Linux - Gene Kartavtsev, ISACA MN
How to Audit Linux - Gene Kartavtsev, ISACA MNGene Kartavtsev
 
SELinux concept in rhel_Linux_today.pptx
SELinux concept in rhel_Linux_today.pptxSELinux concept in rhel_Linux_today.pptx
SELinux concept in rhel_Linux_today.pptxAbhradipChatterjee2
 
SELinux workshop
SELinux workshopSELinux workshop
SELinux workshopjohseg
 
4 effective methods to disable se linux temporarily or permanently
4 effective methods to disable se linux temporarily or permanently4 effective methods to disable se linux temporarily or permanently
4 effective methods to disable se linux temporarily or permanentlychinkshady
 
Security Enhanced Linux Overview
Security Enhanced Linux OverviewSecurity Enhanced Linux Overview
Security Enhanced Linux OverviewEmre Can Kucukoglu
 
Unix Security
Unix SecurityUnix Security
Unix Securityreplay21
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTAshley Deuble
 
About linux-english
About linux-englishAbout linux-english
About linux-englishShota Ito
 
SELinux Johannesburg Linux User Group (JoziJUg)
SELinux Johannesburg Linux User Group (JoziJUg)SELinux Johannesburg Linux User Group (JoziJUg)
SELinux Johannesburg Linux User Group (JoziJUg)Jumping Bean
 
Understanding SELinux For the Win
Understanding SELinux For the WinUnderstanding SELinux For the Win
Understanding SELinux For the Winbmbouter
 
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security Framework
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security FrameworkLecture 4 FreeBSD Security + FreeBSD Jails + MAC Security Framework
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security FrameworkMohammed Farrag
 

Ähnlich wie SELinux for Everyday Users (20)

SELinux_@gnu_group_meetup
SELinux_@gnu_group_meetupSELinux_@gnu_group_meetup
SELinux_@gnu_group_meetup
 
selinuxbasicusage.pptx
selinuxbasicusage.pptxselinuxbasicusage.pptx
selinuxbasicusage.pptx
 
How to Audit Linux - Gene Kartavtsev, ISACA MN
How to Audit Linux - Gene Kartavtsev, ISACA MNHow to Audit Linux - Gene Kartavtsev, ISACA MN
How to Audit Linux - Gene Kartavtsev, ISACA MN
 
SELinux concept in rhel_Linux_today.pptx
SELinux concept in rhel_Linux_today.pptxSELinux concept in rhel_Linux_today.pptx
SELinux concept in rhel_Linux_today.pptx
 
کارگاه امنیت با عنوان Stop Disabling SElinux
کارگاه امنیت با عنوان Stop Disabling SElinuxکارگاه امنیت با عنوان Stop Disabling SElinux
کارگاه امنیت با عنوان Stop Disabling SElinux
 
File000127
File000127File000127
File000127
 
SELinux workshop
SELinux workshopSELinux workshop
SELinux workshop
 
4 effective methods to disable se linux temporarily or permanently
4 effective methods to disable se linux temporarily or permanently4 effective methods to disable se linux temporarily or permanently
4 effective methods to disable se linux temporarily or permanently
 
Selinux
SelinuxSelinux
Selinux
 
Pentesting iOS Apps
Pentesting iOS AppsPentesting iOS Apps
Pentesting iOS Apps
 
Security Enhanced Linux Overview
Security Enhanced Linux OverviewSecurity Enhanced Linux Overview
Security Enhanced Linux Overview
 
Unix Security
Unix SecurityUnix Security
Unix Security
 
Hiding files.pptx
Hiding files.pptxHiding files.pptx
Hiding files.pptx
 
Linux remote
Linux remoteLinux remote
Linux remote
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERT
 
About linux-english
About linux-englishAbout linux-english
About linux-english
 
SELinux Johannesburg Linux User Group (JoziJUg)
SELinux Johannesburg Linux User Group (JoziJUg)SELinux Johannesburg Linux User Group (JoziJUg)
SELinux Johannesburg Linux User Group (JoziJUg)
 
Understanding SELinux For the Win
Understanding SELinux For the WinUnderstanding SELinux For the Win
Understanding SELinux For the Win
 
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security Framework
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security FrameworkLecture 4 FreeBSD Security + FreeBSD Jails + MAC Security Framework
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security Framework
 
App locker
App lockerApp locker
App locker
 

Kürzlich hochgeladen

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 

Kürzlich hochgeladen (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 

SELinux for Everyday Users

  • 3.
  • 4.
  • 6.
  • 8.
  • 9.
  • 12.
  • 15.
  • 16.
  • 18.
  • 21. SELinux Don't be afraid!
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27. Fedora since Core 2 (2004)
  • 28. RHEL since version 4 (2005)
  • 29.
  • 30. Fedora since Core 2 (2004)
  • 31. RHEL since version 4 (2005)
  • 33. Ubuntu since Hardy Heron 8.04 (2008)
  • 34. SELinux How does it work?
  • 35.
  • 36.
  • 38.
  • 40. Checks database of rules on syscalls
  • 41.
  • 43. Checks database of rules on syscalls
  • 44. Allows or denies based on policy
  • 45. SELinux What does it really do?
  • 46.
  • 47.
  • 48.
  • 49. Policies limit what a daemon can access and how.
  • 50.
  • 51. Policies limit what a daemon can access and how.
  • 52. Prevents daemon compromise affecting other files.
  • 53.
  • 54. Policies limit what a daemon can access and how.
  • 55. Prevents daemon compromise affecting other files / users / ports / etc.
  • 56.
  • 57. User processes are unaffected
  • 58.
  • 59.
  • 60.
  • 61.
  • 62. Firefox still gets to crash your system
  • 63.
  • 64.
  • 65. Firefox still gets to crash your system
  • 66. New policy being written to help that
  • 67.
  • 68.
  • 69.
  • 70. A file has a context
  • 71.
  • 72.
  • 73.
  • 74.
  • 75.
  • 77. ps -Z
  • 78.
  • 79. netstat -Z tcp 0 0 tachyon:54421 upload.pmtpa.wikimedia:http ESTABLISHED 4243/firefox unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcp 1 0 tachyon.tangram.dnsal:46882 media:daap CLOSE_WAIT 1837/rhythmbox unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
  • 80. ps -Z LABEL PID TTY TIME CMD unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 5950 pts/1 00:00:00 bash unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 6293 pts/1 00:00:00 ps
  • 81.
  • 82. netstat -Z tcp 0 0 tachyon:54421 upload.pmtpa.wikimedia:http ESTABLISHED 4243/firefox unconfined_u:unconfined_r: unconfined_t :s0-s0:c0.c1023 tcp 1 0 tachyon.tangram.dnsal:46882 media:daap CLOSE_WAIT 1837/rhythmbox unconfined_r: unconfined_execmem_t :s0-s0:c0.c1023
  • 83. ps -Z LABEL PID TTY TIME CMD unconfined_u:unconfined_r: unconfined_t :s0-s0:c0.c1023 5950 pts/1 00:00:00 bash unconfined_u:unconfined_r: unconfined_t :s0-s0:c0.c1023 6293 pts/1 00:00:00 ps
  • 84. The type_t is the only thing you need look at
  • 85.
  • 86.
  • 87.
  • 88.
  • 89.
  • 90. Looks up the database of rules and finds the correct context for that file
  • 91. SELinux – how do I use it? [root@tachyon ~]# ls -Z /etc/group -rw-r--r-- root root system_u:object_r:etc_t:s0 /etc/group
  • 92. SELinux – how do I use it? [root@tachyon ~]# ls -Z /etc/group -rw-r--r-- root root system_u:object_r:etc_t:s0 /etc/group [root@tachyon ~]# cp /etc/group /tmp [root@tachyon ~]# mv /tmp/group /etc [root@tachyon ~]# ls -Z /etc/group -rw-r--r-- root root system_u:object_r:user_tmp_t:s0 /etc/group
  • 93. SELinux – how do I use it? [root@tachyon ~]# ls -Z /etc/group -rw-r--r-- root root system_u:object_r:etc_t:s0 /etc/group [root@tachyon ~]# cp /etc/group /tmp [root@tachyon ~]# mv /tmp/group /etc [root@tachyon ~]# ls -Z /etc/group -rw-r--r-- root root system_u:object_r:user_tmp_t:s0 /etc/group [root@tachyon ~]# restorecon -R -v /etc/group restorecon reset /etc/group context system_u:object_r:user_tmp_t:s0->system_u:object_r:etc_t:s0 [root@tachyon ~]# ls -Z /etc/group -rw-r--r-- root root system_u:object_r:etc_t:s0 /etc/group
  • 94.
  • 95.
  • 96.
  • 97.
  • 98.
  • 99.
  • 100.
  • 101.
  • 102.
  • 103.
  • 104.
  • 105.
  • 106.
  • 107. 2: getsebool and setsebool
  • 108.
  • 110.
  • 111.
  • 113.
  • 114. SELinux – how do I see it? [root@tachyon ~]# tail -4 /var/log/audit/audit.log
  • 115. SELinux – how do I see it? [root@tachyon ~]# tail -4 /var/log/audit/audit.log type=AVC msg=audit(1219408121.814:62): avc: denied { read } for pid=2184 comm="hald" name="group" dev=dm-0 ino=460208 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file type=SYSCALL msg=audit(1219408121.814:62): arch=40000003 syscall=5 success=no exit=-13 a0=119f2d a1=80000 a2=1b6 a3=80000 items=0 ppid=1 pid=2184 auid=4294967295 uid=68 gid=68 euid=68 suid=68 fsuid=68 egid=68 sgid=68 fsgid=68 tty=(none) ses=4294967295 comm="hald" exe="/usr/sbin/hald" subj=system_u:system_r:hald_t:s0 key=(null) type=AVC msg=audit(1219408127.814:63): avc: denied { read } for pid=2184 comm="hald" name="group" dev=dm-0 ino=460208 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file type=SYSCALL msg=audit(1219408127.814:63): arch=40000003 syscall=5 success=no exit=-13 a0=119f2d a1=80000 a2=1b6 a3=80000 items=0 ppid=1 pid=2184 auid=4294967295 uid=68 gid=68 euid=68 suid=68 fsuid=68 egid=68 sgid=68 fsgid=68 tty=(none) ses=4294967295 comm="hald" exe="/usr/sbin/hald" subj=system_u:system_r:hald_t:s0 key=(null)
  • 116. SELinux – how do I use it? [root@tachyon ~]# grep hald /var/log/audit/audit.log | audit2why type=AVC msg=audit(1219408127.814:63): avc: denied { read } for pid=2184 comm="hald" name="group" dev=dm-0 ino=460208 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access.
  • 117.
  • 118. 2: getsebool and setsebool
  • 119. 3: audit2why or audit2allow
  • 120.
  • 121. 2: getsebool and setsebool
  • 122.
  • 123.
  • 124. 2: getsebool and setsebool
  • 125.
  • 127.