ia64/linux-2.6.18-xen.hg
annotate Documentation/seclvl.txt @ 854:950b9eb27661
usbback: fix urb interval value for interrupt urbs.
Signed-off-by: Noboru Iwamatsu <n_iwamatsu@jp.fujitsu.com>
Signed-off-by: Noboru Iwamatsu <n_iwamatsu@jp.fujitsu.com>
| author | Keir Fraser <keir.fraser@citrix.com> |
|---|---|
| date | Mon Apr 06 13:51:20 2009 +0100 (2009-04-06) |
| parents | 831230e53067 |
| children |
| rev | line source |
|---|---|
| ian@0 | 1 BSD Secure Levels Linux Security Module |
| ian@0 | 2 Michael A. Halcrow <mike@halcrow.us> |
| ian@0 | 3 |
| ian@0 | 4 |
| ian@0 | 5 Introduction |
| ian@0 | 6 |
| ian@0 | 7 Under the BSD Secure Levels security model, sets of policies are |
| ian@0 | 8 associated with levels. Levels range from -1 to 2, with -1 being the |
| ian@0 | 9 weakest and 2 being the strongest. These security policies are |
| ian@0 | 10 enforced at the kernel level, so not even the superuser is able to |
| ian@0 | 11 disable or circumvent them. This hardens the machine against attackers |
| ian@0 | 12 who gain root access to the system. |
| ian@0 | 13 |
| ian@0 | 14 |
| ian@0 | 15 Levels and Policies |
| ian@0 | 16 |
| ian@0 | 17 Level -1 (Permanently Insecure): |
| ian@0 | 18 - Cannot increase the secure level |
| ian@0 | 19 |
| ian@0 | 20 Level 0 (Insecure): |
| ian@0 | 21 - Cannot ptrace the init process |
| ian@0 | 22 |
| ian@0 | 23 Level 1 (Default): |
| ian@0 | 24 - /dev/mem and /dev/kmem are read-only |
| ian@0 | 25 - IMMUTABLE and APPEND extended attributes, if set, may not be unset |
| ian@0 | 26 - Cannot load or unload kernel modules |
| ian@0 | 27 - Cannot write directly to a mounted block device |
| ian@0 | 28 - Cannot perform raw I/O operations |
| ian@0 | 29 - Cannot perform network administrative tasks |
| ian@0 | 30 - Cannot setuid any file |
| ian@0 | 31 |
| ian@0 | 32 Level 2 (Secure): |
| ian@0 | 33 - Cannot decrement the system time |
| ian@0 | 34 - Cannot write to any block device, whether mounted or not |
| ian@0 | 35 - Cannot unmount any mounted filesystems |
| ian@0 | 36 |
| ian@0 | 37 |
| ian@0 | 38 Compilation |
| ian@0 | 39 |
| ian@0 | 40 To compile the BSD Secure Levels LSM, seclvl.ko, enable the |
| ian@0 | 41 SECURITY_SECLVL configuration option. This is found under Security |
| ian@0 | 42 options -> BSD Secure Levels in the kernel configuration menu. |
| ian@0 | 43 |
| ian@0 | 44 |
| ian@0 | 45 Basic Usage |
| ian@0 | 46 |
| ian@0 | 47 Once the machine is in a running state, with all the necessary modules |
| ian@0 | 48 loaded and all the filesystems mounted, you can load the seclvl.ko |
| ian@0 | 49 module: |
| ian@0 | 50 |
| ian@0 | 51 # insmod seclvl.ko |
| ian@0 | 52 |
| ian@0 | 53 The module defaults to secure level 1, except when compiled directly |
| ian@0 | 54 into the kernel, in which case it defaults to secure level 0. To raise |
| ian@0 | 55 the secure level to 2, the administrator writes ``2'' to the |
| ian@0 | 56 seclvl/seclvl file under the sysfs mount point (assumed to be /sys in |
| ian@0 | 57 these examples): |
| ian@0 | 58 |
| ian@0 | 59 # echo -n "2" > /sys/seclvl/seclvl |
| ian@0 | 60 |
| ian@0 | 61 Alternatively, you can initialize the module at secure level 2 with |
| ian@0 | 62 the initlvl module parameter: |
| ian@0 | 63 |
| ian@0 | 64 # insmod seclvl.ko initlvl=2 |
| ian@0 | 65 |
| ian@0 | 66 At this point, it is impossible to remove the module or reduce the |
| ian@0 | 67 secure level. If the administrator wishes to have the option of doing |
| ian@0 | 68 so, he must provide a module parameter, sha1_passwd, that specifies |
| ian@0 | 69 the SHA1 hash of the password that can be used to reduce the secure |
| ian@0 | 70 level to 0. |
| ian@0 | 71 |
| ian@0 | 72 To generate this SHA1 hash, the administrator can use OpenSSL: |
| ian@0 | 73 |
| ian@0 | 74 # echo -n "boogabooga" | openssl sha1 |
| ian@0 | 75 abeda4e0f33defa51741217592bf595efb8d289c |
| ian@0 | 76 |
| ian@0 | 77 In order to use password-instigated secure level reduction, the SHA1 |
| ian@0 | 78 crypto module must be loaded or compiled into the kernel: |
| ian@0 | 79 |
| ian@0 | 80 # insmod sha1.ko |
| ian@0 | 81 |
| ian@0 | 82 The administrator can then insmod the seclvl module, including the |
| ian@0 | 83 SHA1 hash of the password: |
| ian@0 | 84 |
| ian@0 | 85 # insmod seclvl.ko |
| ian@0 | 86 sha1_passwd=abeda4e0f33defa51741217592bf595efb8d289c |
| ian@0 | 87 |
| ian@0 | 88 To reduce the secure level, write the password to seclvl/passwd under |
| ian@0 | 89 your sysfs mount point: |
| ian@0 | 90 |
| ian@0 | 91 # echo -n "boogabooga" > /sys/seclvl/passwd |
| ian@0 | 92 |
| ian@0 | 93 The September 2004 edition of Sys Admin Magazine has an article about |
| ian@0 | 94 the BSD Secure Levels LSM. I encourage you to refer to that article |
| ian@0 | 95 for a more in-depth treatment of this security module: |
| ian@0 | 96 |
| ian@0 | 97 http://www.samag.com/documents/s=9304/sam0409a/0409a.htm |