LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 15th, 2014
Linux Security Week: September 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: December 9th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch This week advisories were released for gdk-pixbuf, horde2, helix-player, Inkscape, horde2, Perl, Webmin, eagle-usb, spamassassin, mailman, xpdf, libc-client, and imap. The distributors include Debian, Gentoo, Mandriva, and Red Hat.


Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec


SELinux Policy Development: Auditing An Application
By: Pax Dickenson

Now that you have a policy development environment and are able to compile SELinux policy, you can make policy changes to correct any audited messages in your system log or enable a permission needed by an application you use.

You must create some source files when adding security policy statements that only apply to the local system, since if you add statements to existing files they will be overwritten during policy updates. Create local files by issuing these commands:

touch /etc/selinux/engarde/src/policy/policy/modules/admin/local.fc
touch /etc/selinux/engarde/src/policy/policy/modules/admin/local.te
touch /etc/selinux/engarde/src/policy/policy/modules/admin/local.if

Next, edit the /etc/selinux/engarde/src/policy/policy/modules.conf file and add a line reading local = base and save the file. Recompile the policy and check the output to ensure your local.* files were included.

Let's say, for example, that you've installed some PHP scripts on your website that function fine in permissive mode, but fail when you enable enforcing mode, since the scripts are attempting an action that SELinux does not allow.

The first step would be to open a terminal to the server, ensure you're logged in to the sysadm_r role, and execute the following commands:

# setenforce 0
# dmesg -c
# watch audit2allow -d

These commands will allow you to view the missing SELinux permissions in real time. The audit2allow command is the single most useful tool when troubleshooting SELinux problems. When run with the -d switch, it monitors the dmesg output for SELinux audit errors, and automatically converts these errors into the correct allow command that could be added to the policy to permit the denied action.

With the above commands running and your system in permissive mode, run through the parts of your application that are causing trouble and you should see your audit2allow terminal start outputting allow statements. Review these statements, since they may be unsafe due to incorrect file labeling and may be far too permissive.

For example, your audit2allow output may recommend giving your application full read/write access to the etc_t type. This would allow writing of many files in the /etc directory that belong to other applications and would be unsafe. The correct way to design your policy would be to change the type of the files your application is actually accessing to something narrower and more restricted so you can allow write access to only that new type.

If you're unsure what file is being accessed, look at your system log and search it for the actual denial message. The denial message will look something like the following:

Oct 19 14:38:54 paxtest kernel: audit(1129747134.276:0): avc: denied { read } for name=messages dev=hda6 ino=2146393 scontext=root:staff_r:staff_t tcontext=system_u:object_r: var_log_t tclass=file

The ino entry in the denial message indicates the inode of the file that the denial refers to. You can locate this file by using a find command thusly:

# find / -inum 2146393

If you need to assign a different file context to a file, edit the $policy/policy/modules/admin/local.fc. The .fc files are lists of regular expressions matching a full file path followed by a security context to assign to that file during a relabel. Look at other existing .fc files in the policy for an idea of how these work. Once you assign a new context to a file, recompile and relabel, then perform your application testing again to generate a new list of allow statements that take the new context into account.

Read Entire Aricle:
http://www.linuxsecurity.com/content/view/120837/49/


LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Debian
  Debian: New gdk-pixbuf packages fix several vulnerabilities
  1st, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120917
 
  Debian: New horde2 packages fix cross-site scripting
  1st, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120918
 
  Debian: New helix-player packages fix arbitrary code execution
  2nd, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120925
 
  Debian: New Inkscape packages fix arbitrary code execution
  7th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120952
 
  Debian: New courier packages fix unauthorised access
  8th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120959
 
   Gentoo
  Gentoo: Perl Format string errors can lead to code execution
  7th, December, 2005

A fix is available for Perl to mitigate the effects of format string programming errors, that could otherwise be exploited to execute arbitrary code.

http://www.linuxsecurity.com/content/view/120957
 
  Gentoo: Webmin, Usermin Format string vulnerability
  7th, December, 2005

Webmin and Usermin are vulnerable to a format string vulnerability which may lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120958
 
   Mandriva
  Mandriva: Updated eagle-usb packages fixes firmware loading issues
  2nd, December, 2005

This update loads the firmware each time an eagle-usb modem is plugged in, not just when the eagle-usb module is loaded.

http://www.linuxsecurity.com/content/view/120931
 
  Mandriva: Updated spamassassin packages fixes vulnerability
  2nd, December, 2005

SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. Updated packages have been patched to address this issue.

http://www.linuxsecurity.com/content/view/120932
 
  Mandriva: Updated mailman packages fix various vulnerabilities
  2nd, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120933
 
  Mandriva: Updated webmin package fixes format string vulnerability
  2nd, December, 2005

Jack Louis discovered a format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled. This can allow remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call.

http://www.linuxsecurity.com/content/view/120934
 
   Red Hat
  RedHat: Important: xpdf security update
  6th, December, 2005

An updated xpdf package that fixes several security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120946
 
  RedHat: Moderate: libc-client security update
  6th, December, 2005

Updated libc-client packages that fix a buffer overflow issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120947
 
  RedHat: Moderate: imap security update
  6th, December, 2005

An updated imap package that fixes a buffer overflow issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120948
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Encryption goof fixed in TorrentLocker file-locking malware
Qubes: The Open Source OS Built for Security
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.