/Documentation/seclvl.txt


BSD Secure Levels Linux Security Module
Michael A. Halcrow <mike@halcrow.us>


Introduction

Under the BSD Secure Levels security model, sets of policies are
associated with levels. Levels range from -1 to 2, with -1 being the
weakest and 2 being the strongest. These security policies are
enforced at the kernel level, so not even the superuser is able to
disable or circumvent them. This hardens the machine against attackers
who gain root access to the system.


Levels and Policies

Level -1 (Permanently Insecure):
 - Cannot increase the secure level

Level 0 (Insecure):
 - Cannot ptrace the init process

Level 1 (Default):
 - /dev/mem and /dev/kmem are read-only
 - IMMUTABLE and APPEND extended attributes, if set, may not be unset
 - Cannot load or unload kernel modules
 - Cannot write directly to a mounted block device
 - Cannot perform raw I/O operations
 - Cannot perform network administrative tasks
 - Cannot setuid any file

Level 2 (Secure):
 - Cannot decrement the system time
 - Cannot write to any block device, whether mounted or not
 - Cannot unmount any mounted filesystems


Compilation

To compile the BSD Secure Levels LSM, seclvl.ko, enable the
SECURITY_SECLVL configuration option. This is found under Security
options -> BSD Secure Levels in the kernel configuration menu.


Basic Usage

Once the machine is in a running state, with all the necessary modules
loaded and all the filesystems mounted, you can load the seclvl.ko
module:

 # insmod seclvl.ko

The module defaults to secure level 1, except when compiled directly
into the kernel, in which case it defaults to secure level 0. To raise
the secure level to 2, the administrator writes ``2'' to the
seclvl/seclvl file under the sysfs mount point (assumed to be /sys in
these examples):

 # echo -n "2" > /sys/seclvl/seclvl

Alternatively, you can initialize the module at secure level 2 with
the initlvl module parameter:

 # insmod seclvl.ko initlvl=2

At this point, it is impossible to remove the module or reduce the
secure level. If the administrator wishes to have the option of doing
so, he must provide a module parameter, sha1_passwd, that specifies
the SHA1 hash of the password that can be used to reduce the secure
level to 0.

To generate this SHA1 hash, the administrator can use OpenSSL:

 # echo -n "boogabooga" | openssl sha1
 abeda4e0f33defa51741217592bf595efb8d289c

In order to use password-instigated secure level reduction, the SHA1
crypto module must be loaded or compiled into the kernel:

 # insmod sha1.ko

The administrator can then insmod the seclvl module, including the
SHA1 hash of the password:

 # insmod seclvl.ko sha1_passwd=abeda4e0f33defa51741217592bf595efb8d289c

To reduce the secure level, write the password to seclvl/passwd under
your sysfs mount point:

 # echo -n "boogabooga" > /sys/seclvl/passwd

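
Added example, not part of the original seclvl.txt or the seclvl
module: typing the password into an echo command can leave it in shell
history, so this sketch reads it from standard input, hashes it the
same way, and checks initlvl and sha1_passwd before printing the insmod
parameters. The helper names are hypothetical, and passing initlvl and
sha1_passwd together on one insmod line is an assumption, since the
document shows them separately.

```shell
#!/bin/sh
# Added example; seclvl_hash and seclvl_module_args are hypothetical helpers.

# Read one line (the password) from stdin and print its SHA1 as 40 hex
# digits, the form sha1_passwd is given in above. The password never
# appears on a command line; the trailing newline is not hashed.
seclvl_hash() {
    IFS= read -r pw || true            # tolerate input without a newline
    [ -n "$pw" ] || { echo "seclvl_hash: empty password" >&2; return 1; }
    if command -v openssl >/dev/null 2>&1; then
        printf '%s' "$pw" | openssl dgst -sha1 -r | cut -d' ' -f1
    else
        printf '%s' "$pw" | sha1sum | cut -d' ' -f1
    fi
}

# Validate an initial level and an optional password hash, then print the
# module parameters for insmod. Nothing is loaded here.
seclvl_module_args() {
    level=$1 hash=${2:-}
    case $level in
        -1|0|1|2) ;;
        *) echo "initlvl must be -1, 0, 1 or 2" >&2; return 1 ;;
    esac
    if [ -z "$hash" ]; then
        echo "warning: no sha1_passwd, the level cannot be reduced later" >&2
        printf 'initlvl=%s\n' "$level"
        return 0
    fi
    # Assumption: accept only lowercase hex, as openssl prints it.
    case $hash in
        *[!0-9a-f]*) echo "sha1_passwd: expected lowercase hex" >&2; return 1 ;;
    esac
    [ "${#hash}" -eq 40 ] || { echo "sha1_passwd: expected 40 digits" >&2; return 1; }
    printf 'initlvl=%s sha1_passwd=%s\n' "$level" "$hash"
}

# Demonstration with the sample password used in this document.
demo_hash=$(printf '%s\n' 'boogabooga' | seclvl_hash)
echo "insmod seclvl.ko $(seclvl_module_args 2 "$demo_hash")"
```
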

The September 2004 edition of Sys Admin Magazine has an article about
the BSD Secure Levels LSM. I encourage you to refer to that article
for a more in-depth treatment of this security module:

http://www.samag.com/documents/s=9304/sam0409a/0409a.htm