From owner-securedistros@nl.linux.org Sun Dec 10 23:36:09 2000
Received: by humbolt.nl.linux.org id <S92203AbQLJWeh>;
	Sun, 10 Dec 2000 23:34:37 +0100
Received: from maynard.mail.mindspring.net ([207.69.200.243]:4649 "EHLO
        maynard.mail.mindspring.net") by humbolt.nl.linux.org with ESMTP
	id <S92183AbQLJWdy>; Sun, 10 Dec 2000 23:33:54 +0100
Received: from cavu.com (user-38ld7ir.dialup.mindspring.com [209.86.158.91])
	by maynard.mail.mindspring.net (8.9.3/8.8.5) with ESMTP id RAA11377;
	Sun, 10 Dec 2000 17:33:46 -0500 (EST)
Message-Id: <200012102233.RAA11377@maynard.mail.mindspring.net>
Date:   Sun, 10 Dec 2000 10:52:48 -0500
From:   Book <book@cavu.com>
To:     securedistros@nl.linux.org
Subject: New Linux security book
Cc:     Christy_Schaack@prenhall.com
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

My book "Real World Linux Security: Intrusion Prevention, Detection and
Recovery" was published by Prentice Hall PTR on November 14 and is shipping
now from all of the usual places.

It offers a step-by-step way to secure Linux and UNIX systems.  It is
designed so that each step can be done separately, a little bit at a
time; I realize that a busy SysAdmin cannot simply take production
systems down for a week for "security upgrades".  Almost all steps can
be done on production systems without rebooting or even disrupting
current services.  Each vulnerability and security improvement is marked
with from one to five "skull and cross bones" to indicate how severe a
problem it is.

I spend 60,000 words on how to detect attacks and recover from successful
attacks in minutes instead of hours or days.  The recognition that no
system is 100% secure and that a good system administrator will be
prepared for a break-in is unique among security books.

It covers the "Seven Deadly Sins of Linux Security", the nitty-gritty
of securing the Apache web server, Sendmail, and FTP, quickly detecting and
alerting the system administrator (via pager) if one's web pages are defaced
or an attack is initiated, and so much more.

It takes the reader through building, installing, and using TCP Wrappers,
IP Chains, the Secure Shell (ssh), the GNU version of PGP, Tripwire, the
Deception Tool Kit, and many other important tools.

Most of the problems raised in Bruce Schneier's new book, "Secrets and
Lies: Digital Security in a Networked World", are addressed in my book
and solutions are offered and explained.

I hope you will consider publicizing and reviewing it.  Please contact
Prentice Hall's Publicist at Christy_Schaack@prenhall.com to arrange a
review copy.

I'd be delighted to do an interview, etc.

The foreword is by Eric Raymond, one of the best-known Linux advocates.
Eric starts his foreword with:

  "You have in your hands a book I've been waiting to read for years -- a
  practical, hands-on guide to hardening your Linux system which also
  manages to illuminate the larger issues in Unix security and computer
  security in general."

Steve Bourne (who created the Bourne shell for UNIX and who was one of the
original Bell Labs UNIX researchers) provides the cover quote:

  "A comprehensive guide to system security - covers everything from
  hardening a system to system recovery after an attack."

The book is 700 pages with a CD-ROM of some of the tools I created as
well as lots of open source tools.

There's more info on it at http://www.realworldlinuxsecurity.com/ and Prentice
Hall's publicist, Christy_Schaack@prenhall.com, should be contacted to provide
a review copy of the book.  It's available for advance order on Amazon and
will be available by the end of November from all of the usual places,
including Amazon, Barnes & Noble, Borders, www.fatbrain.com, and
www.softpro.com.

ISBN 0-13-028187-5

About the author

As an undergraduate at Berkeley in the late 1970s, he learned about
security by breaking into the UNIX systems there, successfully evading such
system administrators as Jeff Schriebmann, Bill Joy, and Bob Kridle;
they later founded UniSoft, Sun, and Mt. Xinu.  Bob is one of the 162
recognized developers of Berkeley UNIX.

He was one of the four developers who did the initial port of UNIX to the
Silicon Graphics hardware and has hacked the kernel of a C2-compliant secure
UNIX system.

Bob was the architect of the client/server system that NASA's Kennedy Space
Center uses to communicate with the 3000 PCs used to store and retrieve
the 900 GB of documents pertaining to Space Shuttle Payloads.
He was the UNIX System Administrator for the Americas
Computer Center for one of the world's largest shipping companies.

Bob was the architect for the server controlling a popular Linux-based
Network Disk appliance, the Netgear ND508 and ND520.  Mr. Toxen wrote
"The Problem Solver" column for UNIX Review magazine and has given many
classes on Linux and UNIX.

He created the Sunset Computer at http://www.cavu.com/sunset.html, used
by hundreds of thousands of people around the world to determine sunrise
and sunset and local time.  (Even "Ask Jeeves" recommends it.) These
include private, commercial, and military pilots, air traffic
controllers, photographers, the U.S. Army for planning maneuvers,
hunters and game wardens, truckers, and police officers.

He has used eBay only once, to bid on and purchase his Rolls-Royce
that now sports a "LINUX" front license tag.

The book was technically reviewed by:

     Kurt Seifried, Sr. analyst, SecurityPortal.com
     Michael Warfield, Sr. Wizard X-Force, Internet Security Systems
     Larry Gee, Architect, ApplianceWare
     Stephen Friedl, Consultant
     Mike O'Shaughnessy, Quarry Technologies
     Dr. Indira Moyer, Consultant

Bob lives in Atlanta, GA, where he is president and CTO of Fly-By-Day
Consulting, Inc., which offers consulting services in Linux and UNIX
security, client/server creation, system administration, porting, and
general network-oriented C programming -- done right the first time.

Best regards,

Bob Toxen
bob@cavu.com
+1 770-662-8321 (10 am-10 pm in U.S. Eastern Time Zone)
+1 404-216-5100 (Cell phone)
http://www.realworldlinuxsecurity.com/ [My new book: Real World Linux Security]
http://www.cavu.com/
http://www.cavu.com/sunset.html/       [Sunset Computer]
Fly-By-Day Consulting, Inc.      "Don't go with a fly-by-night outfit!"
Atlanta, GA
Quality Linux & UNIX security and software consulting since 1990.

GPG Public key available at http://www.cavu.com/pubkey.txt (book@cavu.com)
pub  1024D/E3A1C540 2000-06-21 Bob Toxen <book@cavu.com>
     Key fingerprint = 30BA AA0A 31DD B68B 47C9  601E 96D3 533D E3A1 C540
sub  2048g/03FFCCB9 2000-06-21
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

From owner-securedistros@nl.linux.org Thu Dec 21 04:46:26 2000
Received: by humbolt.nl.linux.org id <S92172AbQLUDoN>;
	Thu, 21 Dec 2000 04:44:13 +0100
Received: from [202.118.6.201] ([202.118.6.201]:61708 "EHLO
        winproxy.neu-alpine.com") by humbolt.nl.linux.org with ESMTP
	id <S92170AbQLUDnj>; Thu, 21 Dec 2000 04:43:39 +0100
Received: from dutl ([192.168.64.69]) by winproxy.neu-alpine.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
	id YT1B88P1; Thu, 21 Dec 2000 11:38:49 +0800
Message-ID: <004501c06b00$35be2640$be42a8c0@dutl>
From:   "163" <dutl@neu-alpine.com>
To:     <securedistros@nl.linux.org>
Subject: help
Date:   Thu, 21 Dec 2000 11:43:40 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0042_01C06B43.43537E20"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

This is a multi-part message in MIME format.

------=_NextPart_000_0042_01C06B43.43537E20
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: quoted-printable




------=_NextPart_000_0042_01C06B43.43537E20--


From owner-securedistros@nl.linux.org Fri Dec 22 18:40:53 2000
Received: by humbolt.nl.linux.org id <S92211AbQLVRiY>;
	Fri, 22 Dec 2000 18:38:24 +0100
Received: from storm.ca ([209.87.239.69]:459 "EHLO mail.storm.ca")
	by humbolt.nl.linux.org with ESMTP id <S92263AbQLVRhV>;
	Fri, 22 Dec 2000 18:37:21 +0100
Received: from storm.ca (ppp-209-87-255-3.ottawa.storm.ca [209.87.255.3])
	by mail.storm.ca (8.9.3+Sun/8.9.3) with ESMTP id MAA04177
	for <securedistros@nl.linux.org>; Fri, 22 Dec 2000 12:37:18 -0500 (EST)
Message-ID: <3A43910E.907CF6B0@storm.ca>
Date:   Fri, 22 Dec 2000 12:36:14 -0500
From:   Sandy Harris <sandy@storm.ca>
X-Mailer: Mozilla 4.76 [en] (Win98; U)
X-Accept-Language: en,fr
MIME-Version: 1.0
To:     securedistros@nl.linux.org
Subject: [Fwd: Security-enhanced Linux available at NSA site]
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list



-------- Original Message --------
Subject: Security-enhanced Linux available at NSA site
Date: Fri, 22 Dec 2000 09:02:23 -0500 (EST)
From: pal@epoch.ncsc.mil (Pete Loscocco)
To: linux-kernel@vger.kernel.org

The Information Assurance Research Office of the National Security
Agency is pleased to make available a prototype version of a
security-enhanced Linux system (http://www.nsa.gov/selinux). This
version of Linux has a strong, flexible mandatory access control
architecture incorporated into the major subsystems of the kernel.  The
system provides a mechanism to enforce the separation of information
based on confidentiality and integrity requirements. This allows
threats of tampering and bypassing of application security mechanisms
to be addressed and enables the confinement of damage that can be
caused by malicious or flawed applications.  The release also contains
configuration files as an example of a general-purpose security policy
configuration designed to address a number of security objectives. The
system is being released under the conditions of the GNU General Public
License.

Recognizing the critical role of operating system security mechanisms
in supporting security at higher levels, NSA researchers have been
investigating an operating system architecture that can provide the
necessary security functionality in a manner that can meet the security
needs of a wide range of computing environments. Previously, this
architecture was implemented for the Mach and Fluke operating systems.
It has now been integrated into Linux.

We chose Linux as the platform for our work because its growing
success and open development environment provide an excellent
opportunity to demonstrate that this functionality can be successful in
a mainstream operating system and, at the same time, contribute to the
security of a widely used system. We are not presenting this system as
a complete security solution for Linux, nor are we attempting to
correct any flaws that may currently exist in Linux.  Instead, we are
simply presenting an example of how mandatory access controls
that can confine the actions of any process, including a superuser
process, can be effectively added into Linux.  We feel that a Linux
implementation offers the best opportunity for this work to receive the
widest possible review and perhaps be the basis for additional
security research.

The security mechanisms implemented in the system provide flexible
support for a wide range of security policies. The currently implemented
access controls are a combination of type enforcement and role-based
access control. The specific policy that is enforced by the kernel is
dictated by security policy configuration files which include type
enforcement and role-based access control components.

The type enforcement component defines an extensible set of domains
and types.  Each process has an associated domain, and each object has
an associated type.  The configuration files specify how domains are
allowed to access types and to interact with other domains.  They specify
what types (when applied to programs) can be used to enter each domain
and the allowable transitions between domains.  They also specify
automatic transitions between domains when programs of certain types
are executed.  Such transitions ensure that system processes and
certain programs are placed into their own separate domains
automatically when executed.

The role-based access control component defines an extensible set of
roles.  Each process has an associated role.  This ensures that system
processes and those used for system administration can be separated
from those of ordinary users. The configuration files specify the set
of domains that may be entered by each role.  As users execute
programs, transitions to other domains may, according to the policy
configuration, automatically occur to support changes in privilege.

Using these security policy abstractions, it is possible to configure
the system to meet a wide range of security requirements. The release
includes an example of a general-purpose security policy configuration
designed to meet a number of security objectives as an example of how
this may be done. The flexibility of the system allows the policy to be
modified and extended to customize the security policy as required for
any given installation.

The example configuration controls access to various forms of raw data
and protects the integrity of the kernel.  It defines distinct types
for the boot files, module object files, module utilities, module
configuration files and sysctl parameters, and it defines separate
domains for processes that require write access to these files.  It
defines separate domains for the privileged module utilities, and it
restricts the use of the module capability to these domains.  It only
allows the administrator domain to transition to the privileged module
utility domains.

The example configuration protects the integrity of system software, system
configuration information and system logs. It defines distinct types
for system libraries and binaries to control access to these files.  It
only allows administrators to modify system software.  It defines
separate types for system configuration files and system logs and
defines separate domains for programs that require write access.

The example configuration seeks to confine the potential damage that
can be caused through the exploitation of a flaw in a process that
requires privileges, whether a system process or privilege-enhancing
(setuid or setgid) program.  The policy configuration places these
privileged system processes and programs into separate domains, with
each domain limited to only those permissions it requires.  Separate
types for objects are defined in the policy configuration as needed to
support least privilege for these domains. The configuration also
attempts to protect privileged processes from executing malicious
code.  The policy configuration defines an executable type for the
program executed by each privileged process and only allows transitions
to the privileged domain by executing that type.  When possible, it
limits privileged process domains to executing the initial program for
the domain, the system dynamic linker, and the system shared libraries.
The administrator domain is allowed to execute programs created by
administrators as well as system software, but not programs created by
ordinary users or system processes.

Other objectives of the example configuration include protecting the
administrator role and domain from being entered without user
authentication, and preventing ordinary user processes from interfering
with system processes or administrator processes by controlling the use
of procfs, ptrace and signaling.

The security-enhanced Linux prototype was developed in conjunction with
research partners from the Secure Execution Environments group at NAI
Labs, Secure Computing Corporation (SCC), and the Mitre Corporation.
Researchers at the NSA implemented the security architecture in the
major subsystems of the Linux kernel, including mandatory access
controls for operations on processes, files, and sockets. NAI Labs is
working with the NSA in further developing and configuring this
security-enhanced Linux system, including the development of additional
kernel mandatory access controls and the creation of a general purpose
security policy configuration.  The security policy configuration drew
from some preliminary configuration work by SCC as a starting point,
and it also drew from NAI Labs' prior Domain and Type Enforcement (DTE)
configuration work.  SCC, MITRE and NAI Labs are also assisting the NSA
in developing application security policies and enhanced utility
programs for the system.

There is still much work needed to develop a complete security
solution. In addition, due to resource limitations, we have not yet
been able to evaluate and optimize the performance of the security
mechanisms. The prototype was developed using the 2.2.12 kernel, and we
have not yet updated the system to the latest stable kernel release.
There is a version for 2.2.17, but it hasn't been thoroughly tested.
Currently, we only support the x86 architecture and have only been able
to test it on the Red Hat 6.1 distribution. As the system is still a
prototype, we are not looking for the patches to be adopted into Linux
2.2, or even 2.4. Instead, we are presenting the system as a starting
point for discussions about the possible inclusion of these valuable
security features into the 2.5 kernel series. We are looking forward to
building upon this work with the Linux community.

If you are interested in experimenting with the system or getting more
information about it, please visit our web site at
http://www.nsa.gov/selinux. This site contains the source to the system
as well as some technical documentation about it. We are currently
developing a FAQ that will also provide additional information. A
mailing list, selinux@tycho.nsa.gov, has been created for questions and
discussion.  Subscribe to the mailing list by sending mail to
Majordomo@tycho.nsa.gov with "subscribe selinux" as the body of the
message. We welcome your feedback.


Peter Loscocco
Security-enhanced Linux Project Leader
Information Assurance Research Office
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
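The type enforcement and role-based access control abstractions described in the forwarded announcement (domains, types, entrypoints, allowed and automatic domain transitions, and roles that bound which domains a user may hold), as an added toy evaluator that is not part of the original message and not SELinux's policy language or kernel code; every domain, type and role name (user_t, admin_t, insmod_t, insmod_exec_t, modules_object_t, user_r, sysadm_r) is constructed here to mirror the module-loading objectives of the example configuration:

```python
"""Toy evaluator for the TE + RBAC policy abstractions in the SELinux
announcement.  Illustrative model only, not SELinux code; all domain,
type and role names below are constructed for this example."""
from dataclasses import dataclass, field


@dataclass
class Policy:
    allow: set = field(default_factory=set)           # (domain, type, perm)
    entrypoint: dict = field(default_factory=dict)    # domain -> {exec types}
    transition_ok: set = field(default_factory=set)   # (from_domain, to_domain)
    auto_trans: dict = field(default_factory=dict)    # (domain, exec type) -> domain
    role_domains: dict = field(default_factory=dict)  # role -> {domains}

    def check(self, domain, obj_type, perm):
        """TE check: may a process in `domain` exercise `perm` on `obj_type`?"""
        return (domain, obj_type, perm) in self.allow

    def exec_program(self, role, domain, exec_type):
        """Domain a process of (role, domain) lands in after executing a
        program labelled `exec_type`, or None if TE or RBAC denies it."""
        if not self.check(domain, exec_type, "execute"):
            return None                      # TE: cannot run this program at all
        new = self.auto_trans.get((domain, exec_type), domain)
        if new != domain:
            # a domain change needs an allowed transition and a valid entrypoint
            if (domain, new) not in self.transition_ok:
                return None
            if exec_type not in self.entrypoint.get(new, set()):
                return None
        if new not in self.role_domains.get(role, set()):
            return None                      # RBAC: role may not hold this domain
        return new


def example_policy():
    """Constructed policy mirroring the announcement's module-loading objectives:
    only the module utility domain may write module objects or use the module
    capability, and only the administrator domain may transition into it."""
    p = Policy()
    p.allow |= {
        ("user_t", "bin_t", "execute"),
        ("admin_t", "bin_t", "execute"),
        ("admin_t", "insmod_exec_t", "execute"),
        ("insmod_t", "ld_so_t", "execute"),      # privileged domain limited to
        ("insmod_t", "shlib_t", "execute"),      # its entry program, ld.so, libs
        ("insmod_t", "modules_object_t", "write"),
        ("insmod_t", "insmod_t", "sys_module"),  # capability checked on own domain
    }
    p.entrypoint["insmod_t"] = {"insmod_exec_t"}
    p.transition_ok.add(("admin_t", "insmod_t"))
    p.auto_trans[("admin_t", "insmod_exec_t")] = "insmod_t"
    p.role_domains = {"user_r": {"user_t"}, "sysadm_r": {"admin_t", "insmod_t"}}
    return p
```

With `example_policy()`, `exec_program("sysadm_r", "admin_t", "insmod_exec_t")` yields `insmod_t`, while the same exec from `user_r`/`user_t` is refused even if the TE rules are loosened, because the role layer never lets `user_r` hold `insmod_t`.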

