Linux Security

Secure Operating Systems
Lesson C: Linux Security Features
Where are we?

Multics is beautiful, Multics is beautiful, Multics is beautiful…
And also, we’ve looked at some of the ways operating systems get broken
Let’s look at a well known OS today: Linux

Linux: Overview

Accounts, authentication
File permissions
Secure Access
Encrypted storage
Logging
Resource usage controls…
It’s a long list. Let’s take a look.

User Accounts

The Unix model is pretty straightforward
An entity has a user account; this account can be associated with groups
Usually, there is one superuser, root – this account has complete control of the system

PAM: Authentication

User accounts don’t help if you can’t authenticate, so Linux provides PAM
Pluggable Authentication Modules
PAM gives us fine-grained control over logins and authentication
Account modules: check that the account is valid under current conditions (time of day, phase of moon…)
Authentication modules: authenticate the user
Password modules: update passwords and measure password strength
Session modules: things to do at the start and end of every session

Protection: Files

Files can be protected at the user, group, and world level
Valid permissions are read, write, execute
umask provides default permissions for a user on files and directories
Setuid bit – is this a vuln or a feature? Let’s discuss…

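An added example, not from the original slides: a Python sketch of the two mechanics on this slide, how a umask turns requested permissions into the defaults a user actually gets, and how to inventory setuid files and world-writable entries when auditing a machine. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def default_mode(requested: int, umask: int) -> int:
    """Mode a new file or directory gets: requested bits with umask bits cleared."""
    return requested & ~umask & 0o7777

def audit_tree(root: str) -> dict:
    """Report setuid/setgid regular files and world-writable entries under root."""
    findings = {"setuid": [], "setgid": [], "world_writable": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode      # lstat: never follow symlinks
            if stat.S_ISLNK(mode):
                continue                       # link permissions are meaningless
            rel = os.path.relpath(path, root)
            if stat.S_ISREG(mode) and mode & stat.S_ISUID:
                findings["setuid"].append(rel)  # runs with the file owner's uid
            if stat.S_ISREG(mode) and mode & stat.S_ISGID:
                findings["setgid"].append(rel)
            # The sticky bit (as on /tmp) limits deletion to owners, so a
            # world-writable directory is only flagged when it lacks that bit.
            if mode & stat.S_IWOTH and not (stat.S_ISDIR(mode) and mode & stat.S_ISVTX):
                findings["world_writable"].append(rel)
    return {kind: sorted(paths) for kind, paths in findings.items()}

def build_sample_tree() -> str:
    """Constructed sample tree (not from the slides) with known permission issues."""
    root = tempfile.mkdtemp(prefix="permdemo-")
    for name, mode in {"helper": 0o4755, "report.txt": 0o644, "notes.txt": 0o666}.items():
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)                   # chmod ignores the umask
    for name, mode in {"drop": 0o777, "scratch": 0o1777}.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    print(oct(default_mode(0o666, 0o022)))     # files under the common 022 umask
    print(oct(default_mode(0o777, 0o027)))     # directories under a stricter 027
    for kind, paths in audit_tree(build_sample_tree()).items():
        print(f"{kind}: {paths}")
```

Pointing `audit_tree` at a real directory gives a starting inventory for the setuid discussion: each listed binary should have a reason to run with its owner's privileges.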
Secure Access

None of the above matters if we can’t log in to the box securely
Linux has a few features.
Most notably, we can restrict the places root can log in from – perhaps to a local physical console
All remote connections come in through sshd – compare to telnet

Encrypted storage

First, let’s be clear… what are we protecting from?
With that said, we can create an encrypted bootloader and encrypted storage in Linux
Protecting the boot sequence is pretty important – we’ll revisit that when we look at Windows 8

Logging

Or even audit…there’s syslog and auditing
In more up to date Linii, there’s auditd
Very flexible auditing system, that provides very granular logging of events
Configured by audit rules
Tampering?
At the less granular level, there’s syslog etc.
In essence: you have the ability to see, if you choose to look

Resource control

Linux can control how much of a resource a particular user uses, too
Quota can also provide hard limits

Non-Executable Memory

Linux has supported the NX bit for almost TEN years (!!!)
You do need to check your distribution and kernel configuration though
Remind me: what does this achieve?

ASLR

Yes, Linux has address space layout randomization as a kernel option

GCC assistance

Pointer encryption
-Wformat -Wformat-security
Not much use if you don’t pay attention
-D_FORTIFY_SOURCE=2 -O2 – put in runtime and compile time checks on buffers
Built in stack canaries
Position Independent Executables (PIE)
ELF hardening (mark segments r/o before execution)

Things to Do

Take a look at the little Linux machine you installed earlier in the semester. What security features are available? In what areas can you harden the configuration? Tell me what you did to try and harden the OS…

Questions & Comments

What do you want to know?