/Documentation/seclvl.txt
- BSD Secure Levels Linux Security Module
- Michael A. Halcrow <mike@halcrow.us>
- Introduction
- Under the BSD Secure Levels security model, sets of policies are
- associated with levels. Levels range from -1 to 2, with -1 being the
- weakest and 2 being the strongest. These security policies are
- enforced at the kernel level, so not even the superuser is able to
- disable or circumvent them. This hardens the machine against attackers
- who gain root access to the system.
- Levels and Policies
- Level -1 (Permanently Insecure):
- - Cannot increase the secure level
- Level 0 (Insecure):
- - Cannot ptrace the init process
- Level 1 (Default):
- - /dev/mem and /dev/kmem are read-only
- - IMMUTABLE and APPEND extended attributes, if set, may not be unset
- - Cannot load or unload kernel modules
- - Cannot write directly to a mounted block device
- - Cannot perform raw I/O operations
- - Cannot perform network administrative tasks
- - Cannot setuid any file
- Level 2 (Secure):
- - Cannot decrement the system time
- - Cannot write to any block device, whether mounted or not
- - Cannot unmount any mounted filesystems
- Compilation
- To compile the BSD Secure Levels LSM, seclvl.ko, enable the
- SECURITY_SECLVL configuration option. This is found under Security
- options -> BSD Secure Levels in the kernel configuration menu.
- Basic Usage
- Once the machine is in a running state, with all the necessary modules
- loaded and all the filesystems mounted, you can load the seclvl.ko
- module:
- # insmod seclvl.ko
- The module defaults to secure level 1, except when compiled directly
- into the kernel, in which case it defaults to secure level 0. To raise
- the secure level to 2, the administrator writes ``2'' to the
- seclvl/seclvl file under the sysfs mount point (assumed to be /sys in
- these examples):
- # echo -n "2" > /sys/seclvl/seclvl
- Alternatively, you can initialize the module at secure level 2 with
- the initlvl module parameter:
- # insmod seclvl.ko initlvl=2
- At this point, it is impossible to remove the module or reduce the
- secure level. If the administrator wishes to have the option of doing
- so, he must provide a module parameter, sha1_passwd, that specifies
- the SHA1 hash of the password that can be used to reduce the secure
- level to 0.
- To generate this SHA1 hash, the administrator can use OpenSSL:
- # echo -n "boogabooga" | openssl sha1
- abeda4e0f33defa51741217592bf595efb8d289c
- In order to use password-instigated secure level reduction, the SHA1
- crypto module must be loaded or compiled into the kernel:
- # insmod sha1.ko
- The administrator can then insmod the seclvl module, including the
- SHA1 hash of the password:
- # insmod seclvl.ko sha1_passwd=abeda4e0f33defa51741217592bf595efb8d289c
- To reduce the secure level, write the password to seclvl/passwd under
- your sysfs mount point:
- # echo -n "boogabooga" > /sys/seclvl/passwd
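An added example, not part of the original seclvl documentation: a shell helper for the sha1_passwd steps above that reads the password from a prompt instead of the command line, hashes it without a trailing newline (as `echo -n` does), and validates the arguments before they reach insmod. The function names are hypothetical, and the -1 to 2 range check on initlvl is an assumption taken from the level list above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of seclvl.

# Print the hex SHA1 of stdin using sha1sum, or openssl if sha1sum is absent.
seclvl_sha1() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum | awk '{print $1}'
    else
        # openssl prints "<hash>" or "(stdin)= <hash>" depending on version
        openssl sha1 | awk '{print $NF}'
    fi
}

# Read one line (the password) from stdin and hash it without the newline,
# matching what `echo -n "password" | openssl sha1` produces.
seclvl_hash_password() (
    IFS= read -r pw || true          # tolerate input with no final newline
    [ -n "$pw" ] || exit 1           # refuse an empty password
    printf '%s' "$pw" | seclvl_sha1
)

# Prompt with terminal echo off so the password never appears on a command
# line or in shell history; prints only the hash on stdout.
seclvl_prompt_hash() {
    printf 'seclvl password: ' >&2
    stty -echo
    hash=$(seclvl_hash_password); rc=$?
    stty echo
    printf '\n' >&2
    [ "$rc" -eq 0 ] && printf '%s\n' "$hash"
}

# Validate the level and hash, then print the arguments for insmod.
# Assumption: initlvl accepts the page's documented range, -1 to 2.
seclvl_insmod_args() {
    case $1 in
        -1|0|1|2) ;;
        *) echo "initlvl must be -1, 0, 1 or 2" >&2; return 1 ;;
    esac
    case $2 in
        *[!0-9a-fA-F]*) echo "sha1_passwd must be hex" >&2; return 1 ;;
    esac
    [ "${#2}" -eq 40 ] || { echo "sha1_passwd must be 40 hex digits" >&2; return 1; }
    printf 'seclvl.ko initlvl=%s sha1_passwd=%s\n' "$1" "$2"
}
```

Run as root, `insmod $(seclvl_insmod_args 2 "$(seclvl_prompt_hash)")` loads the module with the validated arguments. The hash itself still appears on the insmod command line; only the plaintext password is kept off it.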
- The September 2004 edition of Sys Admin Magazine has an article about
- the BSD Secure Levels LSM. I encourage you to refer to that article
- for a more in-depth treatment of this security module:
- http://www.samag.com/documents/s=9304/sam0409a/0409a.htm