Red Hat Seeks to Deliver Most Secure Linux 262
Jack writes "ITO is running a story on Red Hat's plan to become the most secure Linux platform. From the article: "Red Hat officially joined The National Information Assurance Partnership to bring an improved level of security and assurance to Linux. This means that the next version of Red Hat Enterprise Linux will contain kernel and Security Enhanced Linux policy enhancements, developed by IBM, Red Hat, TCS, NSA and the community.""
Missed a link :) (Score:5, Funny)
The article left out a hyperlink, corrected here :
Re:Missed a link :) (Score:3, Insightful)
Re:Missed a link :) (Score:4, Informative)
Maybe this was intended as a joke, but it's a valid point. SELinux does not make anything more secure. Why? Because it's sufficiently complicated that most people are just going to turn it off. OpenBSD has a policy that security must be on by default, must not create a significant performance hit, and must be simple enough that people actually use it. This is the reason people trust it.
Indeed, something like http://pax.grsecurity.net/ [grsecurity.net] is clearly useful, but breaks too many applications, is a kernel patch to the standard kernel that you have to apply yourself, so it's not so widely used. Neither SuSE nor RedHat supports it. OpenBSD does similar things, but they make sure that the ports and the system do not break. As an OpenBSD user you don't have to do anything special, apart from installing OpenBSD, to take advantage of the security enhancements.
Re:Missed a link :) (Score:3, Informative)
http://www.redhat.com/magazine/009jul05/features/
Re:Missed a link :) (Score:4, Insightful)
Re:Missed a link :) (Score:2)
Ah? So you like those worms, backdoors, and rootkits?
Remember, there was a time that DOS users "didn't need virus scanners". There was a time when having services running by default was user friendly, "not a security risk". There was a time when Windows users could use their systems to get work done, rather than spending their time cleaning off the spyware. There's a moral to this story.
Re:Missed a link :) (Score:5, Insightful)
Um, the SE linux configuration shipped with Fedora is on by default, does not create a significant performance hit, and is simple enough that most users (those who aren't making fundamental changes to the installed daemon processes, basically) don't even know it's turned on.
This is mostly a defensive flame. SELinux clearly is useful as a security tool. It provides MAC features that you simply can't get with the traditional Unix security model. Now, clearly, this kind of change in worldview brings complexity. And lots of installations, even secure ones, don't necessarily need it or want it. And early Fedora (FC2 prereleases, I think) implementations were far too restrictive, and caused much confusion and flamage. I have it turned off on my laptop, for example.
But to baldly claim that "SELinux does not make anything more secure" is just silly.
Re:Missed a link :) (Score:3, Interesting)
Re:Missed a link :) (Score:5, Insightful)
The OpenBSD approach is to raise the quality level of the code to eliminate flaws in the operating environment. That's great -- except not every software development process is shipping flawless software and not every security problem is a result of bugs in software. If Apache or a database or any other application running on BSD has a flaw or is misconfigured, the OS isn't going to protect you or your data.
The SELinux approach gives the operating system control over what is happening on the system. If a hacker or worm compromises an application, and tries to do something that the application is not permitted to do, those actions can be blocked and audited & the impact of flaws or misconfigurations in software can be contained.
SELinux or Trusted Solaris aren't competitors to OpenBSD at all -- they are really in different niches entirely.
Re:Missed a link :) (Score:4, Informative)
Ever hear of W^X (write xor execute)? Randomized library base addresses? Propolice? Privilege separation?
All these work to protect the system even in the event of buggy applications. OpenBSD does a lot more than just auditing the code in the base install.
Re:Missed a link :) (Score:5, Interesting)
Knowing my machines are bulletproof is great, and all, but if one of my users is deliberately doing something s/he shouldn't, I want to know about it!
One Thing RH Does Do Well... (Score:4, Interesting)
Ever since they've introduced SELinux in the default install they've claimed it is incomplete but are adding rules every chance they get. And even better, it is nearly transparent to the "uninterested user". There is a separate SELinux package that merges in every time they update it so my interaction (and the chance for me to break it) is minimized. And I'm constantly surprised by the settings they do work out as well (for instance some of their Samba settings are really good security policy anyway).
Red Hat's support for things like SELinux is stellar but it needs to be better and they are the first to admit it needs more work. Isn't this what Open Source is all about?
Only Microsoft can secure samba. (Score:2)
You'll never come up with a policy that makes samba significantly more secure, unless Microsoft provides clients that can use a secure implementation of the NetBIOS/NetBEUI/SMB/CIFS/whatever-they-call-it-this-week protocol.
That's not a failing of SELinux, nor of OpenBSD, or even of Samba itself. Samba's a tool for communicating with systems through an insecure protocol.
selinux effectiveness (Score:3, Interesting)
It definitely will not make an insecure application or insecure installation more secure, but it will provide additional protection against those insecure situations.
And the post is modded appropriately as funny since it is a humorous jab at linux security. Besides, I could be off base on this but I suspect that simply installing BSD as your OS will not resolve security issues in the applications you install on top of it, i.e. SQL inject exploits in applicatio
Re:selinux effectiveness (Score:4, Informative)
You are indeed wrong. OpenBSD includes a number of systems which make buggy code more secure. Some examples:
The OpenBSD team realises that no developer is infallible, and they work hard to ensure that security extends far beyond the base system. The work they've done on memory allocation alone is staggering - the diagrams I saw showing the before and after pictures of memory layout were staggering - and all of this was done to support a legacy architecture (x86) because a lot of people use it and they didn't want to force everyone to buy new NX-supporting chips to get the required protection.
Re:Missed a link :) (Score:2)
Re:Missed a link :) (Score:2)
Having said that: Good for them.
security versus security model (Score:2)
Adopting stuff like SELinux will make Red Hat Linux closer to Windows in security model. Red Hat moved to good default policies faster tha
Re:security versus security model (Score:2)
"Red Hat Seeks to Deliver Most Secure" OS (Score:2)
Re:Misunderstanding of what Trusted means (Score:2)
Re:Misunderstanding of what Trusted means (Score:2)
Isn't this the exact reason why the NSA developed SE-Linux though?
OpenBSD (Score:2, Interesting)
Why don't the security conscious just use OpenBSD [openbsd.org]?
Re:OpenBSD (Score:2)
But seriously, OpenBSD may be a great solution if you need security now, which is what I do, but to bring linux better security is a worthwhile endeavor.
Although, if you need security now, go openBSD.
Re:OpenBSD (Score:2)
Some really clueless moderator modded you down as flamebait, go figure. In any case, the Linux kernel has had about 20-30 local root exploits in the last year, and clearly the Linux kernel leaves something to be desired in this regard. It's also understandable that this happens due to the huge amount of new code, and the focus on performance (but not stability).
Re:OpenBSD (Score:4, Informative)
Judging from the technologies and companies mentioned in the summary, this attempt at Linux security is based on providing better access controls and privilege models in the Linux kernel. By better, I mean that these mechanisms can:
1) Provide finer grain privileges so that fewer programs can be exploited to escalate privilege, and
2) Isolate unrelated programs and users from each other (e.g. an exploit in a DNS server is restricted to only accessing DNS files but is not able to manipulate web server pages).
These two techniques basically reduce the number of avenues an attacker can use to exploit a system. It is less likely that a piece of exploitable software will have sufficient access to whatever it is the attacker wants to get to. Granted, it is not a complete solution, but it's a handy thing to have in one's security toolbox.
I believe that the OpenBSD/OpenSSH teams are beginning to do similar things (e.g. OpenSSH privilege separation), but I don't think they've taken the leap to providing more sophisticated access controls in the kernel.
If you're interested, examples of trusted operating systems/access controls can be found at the following places:
Linux Capabilities:
http://ftp.kernel.org/pub/linux/libs/security/lin
Trusted BSD:
http://www.trustedbsd.org/docs.html [trustedbsd.org]
Argus Systems Group (go to the Support section and take a look at the docs for PitBull LX and Foundation; they give a rather complete description of the mechanisms):
http://www.argus-systems.com/ [argus-systems.com]
Trusted Computer Solutions (mentioned in the article):
http://www.trustedcs.com/index.html [trustedcs.com]
Disclaimer: I used to work for Argus Systems Group, and I know a few of the TCS employees (as they are also ex-Argus employees).
Re:OpenBSD (Score:3, Informative)
For example, I believe that the OpenBSD/OpenSSH teams are beginning to do similar things (e.g. OpenSSH privilege separation),
Privilege separation has been in OpenBSD for years. It is not something that OpenBSD is "beginning to do".
Re:OpenBSD (Score:2, Interesting)
Anyway, I don't believe that my out of dateness really invalidates the rest of my post. The most important point is that trying to implement everything correctly is not really a practical way of making a secure system. This has (historically) been OpenBSD's approach, but it suffers from the issues I raised before. Having better access controls makes it easi
Re:OpenBSD (Score:3, Interesting)
In addition to "trying to do things correctly" (and succeeding at it, btw),
Re:OpenBSD (Score:2)
-Charles
Re:OpenBSD (Score:2)
Of critical importance is, of course, stability and reliability, and then I don't want to be held hostage to some binary-only shoddy RAID management software running on Linux
Linux isn't restricted to binary-only RAID manager (Score:2)
I've been running completely open-source soft RAID for years on Red Hat linux. My backup server, which uses the same basic idea as dirvish [dirvish.org], uses a couple of terabytes of RAID10. There are even multiple RAID implementations freely available, although you are typically restricted by your choice of kernels.
You zealots never seem
Because everything but the base system is painful (Score:3, Informative)
Re:OpenBSD (Score:2)
-matthew
Re:OpenBSD (Score:2)
Sure they will run but if I have to fight with a PHB about something it's not going to be I want BSD even though none of the above software will offer support for it..
Re:OpenBSD (Score:3, Insightful)
Two words: failing gracefully.
The OpenBSD approach to security boils down to: "Never, ever make a mistake". They've spent untold thousands of man-hours looking for anything that might ever be a mistake. And, towards this end, they've done an incredible job, and have an excellent track record that they can rightly brag about.
But for one thing: mistakes happen. What happens when you write a stoopid CGI and forget to escape a parameter, allowing a blackhat to e
Re:OpenBSD (Score:3, Insightful)
You are misinformed, trolling or both. Most of OpenBSD's efforts in recent years have been directed at proactive security. OpenBSD was the first operating system to add ProPolice to its compiler, the first to implement address space randomisation, the first to add privilege separation to every daemon that needs privilege.
The result of this is that a security hole is either a) not exploitable to begin with, b) incredibly difficult to exploit, or c) not very productive even if it is exploited. All your caps
Re:OpenBSD (Score:2)
Slashdot is secure ... (Score:2)
the NSA? (Score:2)
Re:the NSA? (Score:2)
Re:the NSA? (Score:2)
Yes the NSA does (Score:3, Interesting)
Re:the NSA? (Score:5, Funny)
Cavity searches.
Re:the NSA? (Score:2)
All sorts of stuff actually. Their mission is twofold; in addition to breaking the bad guys' codes or elsewise compromising their communications, they are also tasked with protecting the good guys' communications from being compromised. Now it's important to remember that "good guys" and "bad guys" here is as defined by the US Government, but I for one agree with them at least occasionally. In any case, if they have thought up some super secret tricky way to get around your security, I wouldn't expect them
Re:the NSA? (Score:2)
RedHat poised to become the next Microsoft (Score:3, Insightful)
As sections of the Linux community, such as RedHat, start merging with big businesses, such as IBM, we have to wonder how long it will be before the Red Hat team starts walking on 2 legs...RedHat could be well on its way to becoming the next Microsoft.
Re:RedHat poised to become the next Microsoft (Score:5, Insightful)
RedHat could be well on its way to becoming the next Microsoft.
I think you are mistaken. It is entirely probable that RedHat the company will partner up with lots of big businesses. Big businesses, however, want a commodity OS, competitive advantages, and for that matter, open source at this point. Having been burned by MS for so long, many companies at the heart of the Linux community are unlikely to swiftly move to closed formats, APIs, code, etc. Even assuming RedHat did exactly that, introducing formats and closed source code as much as possible, they are still working on a base that is GPL and that they cannot close and still sell. That means there is nothing stopping others from modifying that code or even redistributing it. RedHat would basically have to write their own OS from scratch or based upon BSD licensed code in order to get us close to the situation we have with MS. Even were they to do that, we'd still be several steps ahead for compatibility and security from where we are now with Windows.
To summarize, sure RedHat can become "evil" but that does not stop Linux, and RedHat has no way to "take over" Linux since they don't own it. I'm just not too worried, they have a long hard road ahead to become MS, and they will need a new OS to do it.
Re:RedHat poised to become the next Microsoft (Score:5, Insightful)
If you want to argue that RedHat has turned its back on the community, or jumped in bed with big business, or whatever, go right ahead. But it simply isn't possible for any Linux distributor to "become Microsoft", because unlike Microsoft, anybody who can obtain a copy of Distro X can legally rebrand, recompile, and sell it as Distro Y. Somebody running Distro Z can go through Distro X, figure out any new features, and bring those features to Distro Z.
RedHat can't do a thing to stop RH-based distros like CentOS and White Box. The GPL ensures that, while one distro might dominate the Linux landscape, nobody will ever have a lock on Linux itself. Linux World Domination would mean that nobody can dominate.
So please, elaborate your reasoning. What is RedHat doing that scares you?
Re:RedHat poised to become the next Microsoft (Score:4, Insightful)
And this is very important because it means that, in order to keep my business, Distro X must continue to represent a good choice. They must offer reliability, trustworthiness, and good service. Why do people continue to buy Redhat even as CentOS is released? Because they trust Redhat and like Redhat's support.
Open source vendors simply won't make any money unless their customers are happy.
Re:RedHat poised to become the next Microsoft (Score:3, Informative)
No they didn't. They wrote to CentOS to inform them that they were using Red Hat's trademark in a way that Red Hat felt was inappropriate. The letter also stated that people were not allowed to use their trademark in that manner without "express agreement." What CentOS had the opportunity to do was call or write the lawyer, state their side of things, and work out an agreement that would work for both parties. Working out such an agreement w
Re:RedHat poised to become the next Microsoft (Score:2, Insightful)
Holy crap!!! (Score:2, Funny)
Let's get together and make sure that all new versions of software that RedHat sells are covered by some kind of license that prevents them from locking the software up! Hell...we could even include some kind of restriction that forces them to release any changes they make. That'll stop them!
Re:Holy crap!!! (Score:2)
Analogies prove nothing (Score:2)
Furthermore, keep in mind that most of the code behind linux is under either GPL or LGPL, which m
Re:RedHat + Microsoft = (Score:2)
1. In the corporate world where support is more valuable than the software in some cases, there is *not* a long list of viable Linux-based companies. I don't think Novell's going to dismantle Red Hat either.
2. The approach MS will likely take is to capture as many of the Linux dollars as they can. They know support is Linux's weakness and they can provide that. So, Microsoft bundles OSS application support to its richest customers. Mi
4 legs good, 2 legs bad (Score:2)
Re:RedHat poised to become the next Microsoft (Score:2)
-matthew
Re:RedHat poised to become the next Microsoft (Score:2)
Look at how much they suffered when they discontinued Red Hat Linux in favor of Fedora. The Linux marketplace is much more competitive than Microsoft's market ever has been. We are not talking about one DOS clone here. We are talking about at least 9 commercial and noncommercial entities which directly compete with Red Hat in this area. Yet due to FOSS, they all share many of their innovations between each other.
Red Hat can never become the
Re:RedHat poised to become the next Microsoft (Score:2)
and this is why... (Score:3, Funny)
...and probably running it as root, too, the stupid bastards.
Why not OpenBSD. (Score:4, Insightful)
Re:Why not OpenBSD. (Score:5, Funny)
Re:Why not OpenBSD. (Score:2)
How many applications does one need anyway? That's my desktop machine, which runs OpenBSD 3.7, with fluxbox, gkrellm, links-2, firefox, etc.
I don't really understand the people that choose an OS because of the number of applications available. What's important is that the applications that you, as a user, need are available.
Re:Why not OpenBSD. (Score:2)
I don't really understand the people that choose an OS because of the number of applications available. What's important is that the applications that you, as a user, need are availabl
Re:Why not OpenBSD. (Score:2)
-matthew
Re:Slashdot Groupthink in Effect (Score:2)
1. It was a joke, not a statement. 2. You're right about the groupthink.
Re:Why not OpenBSD. (Score:3, Insightful)
Wrong!
OpenBSD can run all FOSS software available for Linux (as long as the source doesn't use too many Linuxisms; e.g., code that extensively uses the Linux kernel won't compile). As long as the source uses standard Unix libraries, standard X libraries, standard QT/GTK toolkits, then it should run fine on OpenBSD.
OpenBSD also has a Linux binary compatibi
Distro wars are irrelevant (Score:2)
As far as stealing users from windows; So Freaking What? The important thing is that people discover there are alternatives to using Windows and hopefully also discover the advantages of Free Software along the way.
In other news (Score:5, Funny)
Secure operating systems... (Score:5, Interesting)
It's absolutely fantastic work they are doing; making SELinux a default in their systems in meaningful ways, while at the same time, doing their damnedest to make it as transparent as possible to the everyday user. No one else is doing that. OpenBSD are the kings of UNIX quality control, but they offer nothing in the way of mandatory access controls. FreeBSD has comparable technology in the form of the TrustedBSD MAC Framework (which is excellent), but they are not yet offering security policies that are transparent to ordinary users of the system, and like SELinux in most distributions that support it, it's a pain to set up correctly.
Now if only they (Fedora especially) would ship a basic "desktop install" on *one* CD image instead of requiring 2-4 CDs, my major gripes with their software would go away completely. This kind of hardcore but transparent security is most definitely needed by everybody today, and right now, only Red Hat and the Fedora Project are providing it. As much as I prefer the saner development methodologies and more well thought out kernel architectures provided by the various BSDs, in an online world as inherently dangerous as our own, employing an operating system that supports these security technologies is the only real way to go.
Come on FreeBSD! What are you waiting for? Keep up the (mostly) good work Fedora people!
Re:Secure operating systems... (Score:2)
Re:Secure operating systems... (Score:2)
But then again, I'm not an average user, and require special tools that are often not on the disk anyways, and if they are, are frequently not the version I want.
That's not to say that packing a DVD that includes a bunch of applications is bad, but
Re:Secure operating systems... (Score:2)
I agree completely. I've been asking for some of these features with good defaults and a user friendly configuration on a usable desktop for years. Right now, only the most security conscious are looking to these systems, but as security tightens in general this type of system will become more and more needed. I still have my doubts that this sort of system will gain any popularity until newer versions of Windows manage to take significant market share and remove some of the lowest hanging fruit for malware
Trustix (Score:5, Informative)
Re:Trustix (Score:2)
I really doubt you can actually quantify this in any sort of believable fashion.
And, in any event, they don't have nearly the breadth of support offerings Red Hat does. 24/5 email support - what a treat! Better hope nothing goes wrong on the weekend!
-Erwos
I have the most secutiry... (Score:2, Funny)
Re:I have the most secutiry... (Score:2, Funny)
History (Score:3, Insightful)
Windows 2000... unhackable
RedHat Server 2007... uncrackable
Don't think so...
That is all.
Titanic doesn't belong here (Score:2)
Re:Titanic doesn't belong here (Score:2)
There are always tradeoffs (Score:2)
But can we trust them? (Score:4, Funny)
Secure desktops (Score:3, Interesting)
There are already a number of quality server distributions out there with security tools like SELinux, GRSecurity and PaX, but it will be interesting to see Redhat contribute to the mix. Personally, I use a number of modified Redhat patches while building HLFS-based systems.
While this is undoubtedly off-topic, what I really want to see (and continually try to create) is a desktop system with some of these advanced security concepts enabled. The problem seems to be finding the right balance between security and ease-of-use, it's a lot easier to create a server with non-standard access control than an xorg/KDE desktop.
Contributing to this problem (at least in my experience) are the documentation problems. These can occur in many opensource projects but seem to be magnified in security projects. Even with a fair working knowledge of relevant areas, incomplete and esoteric documentation provides a stumbling block for a lot of us.
Re:Secure desktops (Score:2)
selinux attempts to limit the impact of breaches, grsecurity and pax attempt to block them from even being possible in the first place.
selinux is useful for restricting logical attacks such as php/perl/etc breaches via apache, whereas grsecurity/pax prevent binary code injection attacks, kernel rootkits, etc. grsecurity/pax won't prevent php attacks.
I really don't want to troll, but... (Score:2, Insightful)
Common Criteria evaluation is mostly worthless (Score:4, Insightful)
Jonathan S. Shapiro, Ph.D: Understanding the Windows (and Red Hat) EAL4 Evaluation. [jhu.edu]
"In the case of CAPP, an EAL4 evaluation tells you everything you need to know. It tells you that Microsoft (Red Hat) spent millions of dollars producing documentation that shows that Windows 2000 (RHEL 5) meets an inadequate set of requirements, and that you can have reasonably strong confidence that this is the case."
Granted, RHEL is being evaluated for LSPP as well, but EAL4 is still weak.
All the comments about OpenBSD are missing the point: Common Criteria isn't about actual security; it's about security documentation. It's also about certain government purchasing requirements. Nothing to see here.
Security vs. Usability (Score:3, Interesting)
The SELinux Devil... (Score:3, Informative)
1. Enabling it during install doesn't magically make every application SELinux aware. It turns out that packages need to have SELinux features. Here's a link to the good fellow doing SELinux packages for Debian. http://www.coker.com.au/selinux/ [coker.com.au] Now, I don't know if the Fedora package volunteers have done the same kind of work or not, but I'd be interested to hear either way. It reminds me of LDAP, where LDAP is good, but applications need to support it to make it great.
2. My experience turning on SELinux in FC was not good. I attempted to build a firewall with IDS and the IDS just didn't work. I'm not a coder, nor am I a really strong Linux Admin, so bye-bye SELinux and the firewall/IDS worked like it should.
3. Generally speaking, American PHB's (at least) are finally getting the message that IT security is far more important than in the past and I think this is a well-timed Marketing message with the actual SELinux implementation throughout FC being very far from their glossy claims.
Would this mean.. (Score:2)
In other news... (Score:2)
Bah! (Score:2, Informative)
Fortunately, my company is going to announce soon with an OS that truly is secure.
Flame away (again).
missing the point (Score:2, Informative)
-Nex6
-Nex6.blogspot.com
Re:Is this a magnet? (Score:5, Informative)
Regards,
Steve
Re:Is this a magnet? (Score:3, Insightful)
I wouldn't go that far. You can do plenty of bad things without knowing the memory layout in advance. Denial of service comes to mind. Not as bad as arbitrary code execution, but still serious.
PIE is not a magic bullet. It is just something to raise the bar a bit.
More importantly (Score:2)
1) The most securable OS and
2) The most secure OS in the default install.
There will always be some MS Windows boxes that are more secure than some OpenBSD boxes if only because someone thought that "Cool OpenBSD is really secure, man. So I just installed Sendmail on it.... I don't have to worry about security, do I?" while there are a few Windows admins who take securit
Re:But SELinux SUCKS for enterprise (Score:4, Interesting)
Re:But SELinux SUCKS for enterprise (Score:2, Informative)
Re:But SELinux SUCKS for enterprise (Score:2)
PS, you should read setfacl(1), you might learn something.
Re: I didn't try hard enough so it sucks (Score:5, Informative)
Re: I don't know how to do it and therefore it can't be done and therefore it sucks.
It can be done. Here's how:
First some good documentation [redhat.com].
Run:
# up2date --install selinux-policy-targeted-sources    (or: yum install selinux-policy-targeted-sources)
# cd /etc/selinux/targeted/src/policy
# make enableaudit
Run whatever service that is currently broken because of SELinux. Then:
# audit2allow -i /var/log/messages -l
allow httpd_t cifs_t:dir search;
allow httpd_t unlabeled_t:dir { getattr search };
...which will tell you where SELinux blocked the service. (Just some sample output here.)
Then add your own rules like this:
# cat >domains/misc/local.te <<EOF
allow httpd_t unlabeled_t:dir { getattr search read };
allow httpd_t unlabeled_t:file { getattr read };
allow httpd_t unlabeled_t:lnk_file { read getattr };
allow httpd_t cifs_t:dir { getattr search read };
allow httpd_t cifs_t:file { getattr read };
allow httpd_t cifs_t:lnk_file { read getattr };
allow httpd_t default_t:lnk_file { getattr read };
EOF
# make reload
The above is again just an example.
Try again. If it doesn't work you need to allow some more stuff, which audit2allow will tell you.
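The denial-to-rule step in the procedure above, written out as an added example (not part of the original comment and not the audit2allow source): it merges AVC denials into allow rules and flags rules whose target type is unlabeled_t or default_t, which usually point to a file-labeling problem rather than a missing permission. The log lines are constructed samples and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample lines: three in the older kernel-log style, one
# non-AVC line, and one in the newer audit.log style with an MLS level.
SAMPLE_LOG = """\
Aug  1 12:00:01 host kernel: audit(1122897601.100:0): avc:  denied  { search } for  pid=2101 exe=/usr/sbin/httpd name=share dev=cifs ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:cifs_t tclass=dir
Aug  1 12:00:01 host kernel: audit(1122897601.104:0): avc:  denied  { getattr } for  pid=2101 exe=/usr/sbin/httpd path=/mnt/data dev=sdb1 ino=11 scontext=root:system_r:httpd_t tcontext=system_u:object_r:unlabeled_t tclass=dir
Aug  1 12:00:02 host sshd[991]: Accepted publickey for admin from 192.0.2.10
Aug  1 12:00:03 host kernel: audit(1122897603.220:0): avc:  denied  { getattr search } for  pid=2101 exe=/usr/sbin/httpd name=share dev=cifs ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:cifs_t tclass=dir
type=AVC msg=audit(1122897604.001:77): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="sda1" ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
Aug  1 12:00:05 host kernel: audit(1122897605.300:0): avc:  denied  { search } for  pid=2101 exe=/usr/sbin/httpd name=data dev=sdb1 ino=11 scontext=root:system_r:httpd_t tcontext=system_u:object_r:unlabeled_t tclass=dir
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+"
    r"tclass=(?P<tclass>\w+)"
)

# Target types that normally mean "fix the labels", not "add a rule".
REVIEW_TARGETS = {"unlabeled_t", "default_t"}


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % context)
    return parts[2]


def collect_denials(lines):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in lines:
        match = AVC_RE.search(line)
        if match is None:
            continue  # not an AVC denial
        try:
            key = (
                context_type(match["scontext"]),
                context_type(match["tcontext"]),
                match["tclass"],
            )
        except ValueError:
            continue  # truncated or corrupt record
        rules[key].update(match["perms"].split())
    return dict(rules)


def render_rules(rules):
    """Render merged denials as policy 'allow' statements, sorted."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        names = sorted(perms)
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        target = "self" if src == tgt else tgt
        out.append("allow %s %s:%s %s;" % (src, target, cls, body))
    return out


def needs_review(rules):
    """Keys whose target type suggests relabeling instead of a new rule."""
    return sorted(key for key in rules if key[1] in REVIEW_TARGETS)


if __name__ == "__main__":
    merged = collect_denials(SAMPLE_LOG.splitlines())
    for rule in render_rules(merged):
        print(rule)
    for src, tgt, cls in needs_review(merged):
        print("# review: %s -> %s (%s): check file labels first" % (src, tgt, cls))
```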