WEBVTT

1
00:00:00.000 --> 00:00:01.290
In this lesson,

2
00:00:01.290 --> 00:00:04.500
we will learn about operating system security.

3
00:00:04.500 --> 00:00:06.026
Operating system security

4
00:00:06.026 --> 00:00:08.477
refers to the measures and mechanisms

5
00:00:08.477 --> 00:00:12.690
implemented within an operating system or OS

6
00:00:12.690 --> 00:00:16.440
to protect it from unauthorized access, malware,

7
00:00:16.440 --> 00:00:18.870
and other security threats.

8
00:00:18.870 --> 00:00:23.130
In this section, we will focus on Security-Enhanced Linux,

9
00:00:23.130 --> 00:00:25.358
also known as SELinux.

10
00:00:25.358 --> 00:00:27.646
SELinux is a security module

11
00:00:27.646 --> 00:00:32.160
integrated into the Linux kernel that provides a framework

12
00:00:32.160 --> 00:00:35.970
for supporting access control security policies.

13
00:00:35.970 --> 00:00:38.850
Let's learn more about Security-Enhanced Linux,

14
00:00:38.850 --> 00:00:40.620
or SELinux.

15
00:00:40.620 --> 00:00:42.518
SELinux is a security module

16
00:00:42.518 --> 00:00:45.990
directly integrated into the Linux kernel.

17
00:00:45.990 --> 00:00:49.740
It is designed to enforce strict security policies

18
00:00:49.740 --> 00:00:51.840
that control access to files,

19
00:00:51.840 --> 00:00:54.089
processes, and other resources.

20
00:00:54.089 --> 00:00:56.700
It operates at the kernel level,

21
00:00:56.700 --> 00:00:59.340
intercepting every access attempt

22
00:00:59.340 --> 00:01:02.430
and checking it against predefined policies

23
00:01:02.430 --> 00:01:05.580
before allowing or denying the action.

24
00:01:05.580 --> 00:01:08.820
For example, when a web server process

25
00:01:08.820 --> 00:01:11.340
tries to read a configuration file,

26
00:01:11.340 --> 00:01:14.460
SELinux checks the security context

27
00:01:14.460 --> 00:01:16.966
of both the process and the file.

28
00:01:16.966 --> 00:01:20.130
A security context in SELinux

29
00:01:20.130 --> 00:01:22.500
is a set of security attributes

30
00:01:22.500 --> 00:01:24.662
assigned to files, processes,

31
00:01:24.662 --> 00:01:27.180
and other system resources

32
00:01:27.180 --> 00:01:30.720
that define how they can interact with each other,

33
00:01:30.720 --> 00:01:34.080
based on the enforced security policies.

34
00:01:34.080 --> 00:01:37.860
Security contexts are assigned to every file,

35
00:01:37.860 --> 00:01:40.230
process, and resource.

36
00:01:40.230 --> 00:01:43.710
For example, if a policy does not explicitly

37
00:01:43.710 --> 00:01:47.310
allow a web server to access a specific file,

38
00:01:47.310 --> 00:01:49.560
SELinux will deny the attempt,

39
00:01:49.560 --> 00:01:52.890
blocking the process and logging the denial.

40
00:01:52.890 --> 00:01:56.820
This mechanism ensures that only authorized actions

41
00:01:56.820 --> 00:02:00.660
as defined by security policies are permitted,

42
00:02:00.660 --> 00:02:04.030
greatly reducing the risk of unauthorized access

43
00:02:04.030 --> 00:02:07.260
or malicious activities on the system.

44
00:02:07.260 --> 00:02:12.017
Additionally, SELinux uses Mandatory Access Control or MAC,

45
00:02:12.017 --> 00:02:13.367
a security model

46
00:02:13.367 --> 00:02:17.400
that enforces strict rules on access rights

47
00:02:17.400 --> 00:02:20.700
by applying policies that dictate what actions

48
00:02:20.700 --> 00:02:24.780
users, applications, and processes can perform,

49
00:02:24.780 --> 00:02:27.840
regardless of their traditional permissions.

50
00:02:27.840 --> 00:02:31.530
This is achieved through the use of labels and tags,

51
00:02:31.530 --> 00:02:34.890
which are assigned as part of the security context

52
00:02:34.890 --> 00:02:38.756
to every file, process, and system resource.

53
00:02:38.756 --> 00:02:42.240
Each security context includes tags,

54
00:02:42.240 --> 00:02:46.350
such as user, role, type, and level,

55
00:02:46.350 --> 00:02:48.583
which define how these labeled objects

56
00:02:48.583 --> 00:02:51.180
can interact with one another

57
00:02:51.180 --> 00:02:54.630
according to the enforced security policies.

58
00:02:54.630 --> 00:02:58.050
For example, a file might have a type label

59
00:02:58.050 --> 00:03:02.160
that only allows specific processes to access it,

60
00:03:02.160 --> 00:03:04.620
while a process has its own labels

61
00:03:04.620 --> 00:03:08.940
specifying what types of files it can read or modify.

62
00:03:08.940 --> 00:03:12.060
This relationship between labels and tags

63
00:03:12.060 --> 00:03:15.720
ensures that SELinux makes access decisions

64
00:03:15.720 --> 00:03:17.848
based on predefined policies,

65
00:03:17.848 --> 00:03:20.910
rather than standard user permissions,

66
00:03:20.910 --> 00:03:23.580
providing an extra layer of control

67
00:03:23.580 --> 00:03:28.470
to prevent unauthorized actions and enhance system security.

68
00:03:28.470 --> 00:03:31.680
In an enterprise, SELinux is often used

69
00:03:31.680 --> 00:03:35.190
to secure critical servers and applications.

70
00:03:35.190 --> 00:03:38.460
For instance, administrators can set policies

71
00:03:38.460 --> 00:03:42.780
that prevent a database server from accessing any files

72
00:03:42.780 --> 00:03:45.480
outside of its own data directory.

73
00:03:45.480 --> 00:03:48.600
So, even if a hacker finds a vulnerability

74
00:03:48.600 --> 00:03:50.730
in the database software,

75
00:03:50.730 --> 00:03:53.250
SELinux will stop them from accessing

76
00:03:53.250 --> 00:03:56.130
or altering other parts of the system.

77
00:03:56.130 --> 00:04:00.300
Implementing SELinux involves setting up security rules

78
00:04:00.300 --> 00:04:02.610
using command-line tools.

79
00:04:02.610 --> 00:04:06.840
For example, the S-E-T-S-E-B-O-O-L

80
00:04:06.840 --> 00:04:08.850
or setsebool command,

81
00:04:08.850 --> 00:04:12.240
is used to enable or disable settings

82
00:04:12.240 --> 00:04:14.940
by toggling Boolean options.

83
00:04:14.940 --> 00:04:17.829
The semanage command helps manage policies

84
00:04:17.829 --> 00:04:21.960
like adding rules to allow new applications access

85
00:04:21.960 --> 00:04:23.653
to specific directories,

86
00:04:23.653 --> 00:04:27.900
and the audit2allow tool creates custom rules

87
00:04:27.900 --> 00:04:30.720
by analyzing logged denials.

88
00:04:30.720 --> 00:04:33.570
These security rules allow administrators

89
00:04:33.570 --> 00:04:35.820
to quickly generate policies

90
00:04:35.820 --> 00:04:39.780
to permit previously blocked actions when needed.

91
00:04:39.780 --> 00:04:44.340
Now, let's conduct a demonstration of SELinux.

92
00:04:44.340 --> 00:04:47.843
For this demonstration, SELinux is installed,

93
00:04:47.843 --> 00:04:51.570
configured, and running in enforcing mode

94
00:04:51.570 --> 00:04:54.030
on this Kali Linux system.

95
00:04:54.030 --> 00:04:57.780
First, let's ensure everything is set up correctly.

96
00:04:57.780 --> 00:05:00.633
We'll do this with the sestatus command.

97
00:05:03.120 --> 00:05:07.140
We can see that SELinux status is enabled

98
00:05:07.140 --> 00:05:10.759
and the current mode is enforcing.

99
00:05:10.759 --> 00:05:13.680
Second, let's set up a test environment

100
00:05:13.680 --> 00:05:16.650
by creating a test directory and file.

101
00:05:16.650 --> 00:05:19.030
We'll do this by creating a directory

102
00:05:21.000 --> 00:05:24.564
called tmp and then selinux-test.

103
00:05:24.564 --> 00:05:28.470
Then, we'll create a file in that directory

104
00:05:28.470 --> 00:05:31.543
called secure-file.txt.

105
00:05:31.543 --> 00:05:34.498
Let's now take a look at the security context

106
00:05:34.498 --> 00:05:39.150
of our newly created secure-file.txt file.

107
00:05:39.150 --> 00:05:41.940
We'll do this with the following command:

108
00:05:41.940 --> 00:05:45.360
ls -Z /tmp/selinux-test

109
00:05:45.360 --> 00:05:48.033
and then the secure-file.txt.

110
00:05:49.230 --> 00:05:51.153
This is our context.

111
00:05:52.140 --> 00:05:57.000
Our context consists of user, role, type,

112
00:05:57.000 --> 00:05:58.833
and the level information.

113
00:05:59.820 --> 00:06:02.880
First is the user information.

114
00:06:02.880 --> 00:06:06.690
Ours is unconfined_u.

115
00:06:06.690 --> 00:06:10.350
unconfined_u typically represents a user

116
00:06:10.350 --> 00:06:13.770
who is not restricted by SELinux policies

117
00:06:13.770 --> 00:06:16.920
and has fewer security constraints.

118
00:06:16.920 --> 00:06:19.633
Next, we have the role defined,

119
00:06:19.633 --> 00:06:23.043
in this case object_r.

120
00:06:24.030 --> 00:06:25.908
object_r is the common role

121
00:06:25.908 --> 00:06:28.440
for files and other objects,

122
00:06:28.440 --> 00:06:30.845
such as directories and devices,

123
00:06:30.845 --> 00:06:32.816
meaning it's a regular object

124
00:06:32.816 --> 00:06:37.076
without any specific elevated or restricted roles.

125
00:06:37.076 --> 00:06:39.782
Next, we have the type:

126
00:06:39.782 --> 00:06:41.973
user_tmp_t.

127
00:06:42.900 --> 00:06:47.370
user_tmp_t is used for files that are temporary

128
00:06:47.370 --> 00:06:50.730
and can be accessed by standard users.

129
00:06:50.730 --> 00:06:54.690
Finally, we have the sensitivity level.

130
00:06:54.690 --> 00:06:59.490
In this case, s0 is the default sensitivity level

131
00:06:59.490 --> 00:07:02.805
representing the lowest level of clearance.

132
00:07:02.805 --> 00:07:05.700
Now that we understand the context,

133
00:07:05.700 --> 00:07:09.000
let's change this file's security context

134
00:07:09.000 --> 00:07:12.300
to a type meant for web server content.

135
00:07:12.300 --> 00:07:15.811
For example, httpd_sys_content_t.

137
00:07:19.645 --> 00:07:23.430
This context is used for web server files

138
00:07:23.430 --> 00:07:27.660
restricting access to HTTP daemons only.

139
00:07:27.660 --> 00:07:30.327
We'll do this with the following command:

140
00:07:30.327 --> 00:07:33.835
sudo chcon -t httpd_sys_content_t

142
00:07:38.390 --> 00:07:39.223
/tmp/selinux-test/secure-file.txt.

144
00:07:45.600 --> 00:07:49.503
Now, let's take another look at that security context.

145
00:07:50.340 --> 00:07:54.540
You can see that the context type has changed

146
00:07:54.540 --> 00:07:56.540
to httpd_sys_content_t.

147
00:07:58.770 --> 00:08:03.060
So, if a command such as cat or concatenate

148
00:08:03.060 --> 00:08:07.320
were used to access this file from a standard user terminal,

149
00:08:07.320 --> 00:08:09.660
we wouldn't expect it to work

150
00:08:09.660 --> 00:08:12.720
because a web server should not be accessing this file

151
00:08:12.720 --> 00:08:14.640
with the cat command.

152
00:08:14.640 --> 00:08:16.830
So, in enforcing mode,

153
00:08:16.830 --> 00:08:19.770
SELinux would block this request.

154
00:08:19.770 --> 00:08:23.970
So, remember, operating system security

155
00:08:23.970 --> 00:08:25.838
involves implementing measures

156
00:08:25.838 --> 00:08:30.838
to protect an operating system from unauthorized access,

157
00:08:30.870 --> 00:08:34.140
malware, or other security threats.

158
00:08:34.140 --> 00:08:38.550
One powerful tool for enhancing security on Linux systems

159
00:08:38.550 --> 00:08:42.040
is Security-Enhanced Linux or SELinux.

160
00:08:42.040 --> 00:08:46.410
SELinux enforces strict access control policies

161
00:08:46.410 --> 00:08:48.810
using security contexts,

162
00:08:48.810 --> 00:08:50.216
which are sets of labels

163
00:08:50.216 --> 00:08:54.480
assigned to files, processes, and resources

164
00:08:54.480 --> 00:08:58.110
that define how they can interact with each other.

165
00:08:58.110 --> 00:09:01.860
By controlling access through security contexts,

166
00:09:01.860 --> 00:09:04.470
SELinux keeps systems secure

167
00:09:04.470 --> 00:09:08.403
from unauthorized actions and potential threats.

