|
|
Security of Red Hat Enterprise Linux based operating systems
Kňažeková, Nikola ; Ilgner, Petr (oponent) ; Komosný, Dan (vedoucí práce)
This master’s thesis focuses on increasing the security of Red Hat Enterprise Linux derived operating systems, based on the vulnerabilities analyzed over the last 5 years. The theoretical part describes the weaknesses and vulnerabilities, and the basic security mechanisms in Linux, with a focus on a SELinux technology. SELinux technology is shipped with the operating systems Red Hat Enterprise Linux, Fedora, and CentOS. In the practical part, based on the analyzed vulnerabilities, the configuration of the SELinux technology was designed. The design describes the elements that will be configured, namely SELinux booleans, SELinux modules, and SELinux users, focused on memory protection, escalation of privileges, code execution, data leakage, and restriction of processes and users. Based on the suggestions, a configuration was created in the Ansible configuration tool, which aims to allow the user to simply and quickly configure systems. In addition, two more configurations have been created that will allow users to revert the SELinux configuration to a previous state or lockdown the SELinux configuration. Subsequently, the impact of the configurations on the usability of the system was verified, and the found bugs were fixed or reported. The last part verifies the functionality of the configuration against exploit vulnerabilities.
|
|
|
User rights defined by SELinux technology in Red Hat Enterprise Linux operating system
Končitý, Patrik ; Kubánková, Anna (oponent) ; Komosný, Dan (vedoucí práce)
This thesis deals with the restriction of user rights in the Red Hat Enterprise Linux (GNU/Linux) operating system using SELinux technology. The first part of the thesis explains the mechanisms by which we can restrict rights in the OS. The basic two mechanisms of rights restriction are explained. These mechanisms are Discreet Access Control and Mandatory Access Control. Next, we elaborate on SELinux technology, which is a form of Mandatory Access Control. In the practical part, first a survey of typical OS users and their typical activities is carried out, followed by the implementation part where the theoretical knowledge of SELinux technology is applied. The implementation of new confined users and the templates that are added to each security policy are described. These security policies are then tested on the configured systems to test the mitigation of specific vulnerabilities. Mitigation is successful and the attacker is prevented from gaining privileges. In the last section, we discuss possible future extensions to the security policies.
|
|
|
User rights defined by SELinux technology in Red Hat Enterprise Linux operating system
Končitý, Patrik ; Kubánková, Anna (oponent) ; Komosný, Dan (vedoucí práce)
This thesis deals with the restriction of user rights in the Red Hat Enterprise Linux (GNU/Linux) operating system using SELinux technology. The first part of the thesis explains the mechanisms by which we can restrict rights in the OS. The basic two mechanisms of rights restriction are explained. These mechanisms are Discreet Access Control and Mandatory Access Control. Next, we elaborate on SELinux technology, which is a form of Mandatory Access Control. In the practical part, first a survey of typical OS users and their typical activities is carried out, followed by the implementation part where the theoretical knowledge of SELinux technology is applied. The implementation of new confined users and the templates that are added to each security policy are described. These security policies are then tested on the configured systems to test the mitigation of specific vulnerabilities. Mitigation is successful and the attacker is prevented from gaining privileges. In the last section, we discuss possible future extensions to the security policies.
|
|
|
Security of Red Hat Enterprise Linux based operating systems
Kňažeková, Nikola ; Ilgner, Petr (oponent) ; Komosný, Dan (vedoucí práce)
This master’s thesis focuses on increasing the security of Red Hat Enterprise Linux derived operating systems, based on the vulnerabilities analyzed over the last 5 years. The theoretical part describes the weaknesses and vulnerabilities, and the basic security mechanisms in Linux, with a focus on a SELinux technology. SELinux technology is shipped with the operating systems Red Hat Enterprise Linux, Fedora, and CentOS. In the practical part, based on the analyzed vulnerabilities, the configuration of the SELinux technology was designed. The design describes the elements that will be configured, namely SELinux booleans, SELinux modules, and SELinux users, focused on memory protection, escalation of privileges, code execution, data leakage, and restriction of processes and users. Based on the suggestions, a configuration was created in the Ansible configuration tool, which aims to allow the user to simply and quickly configure systems. In addition, two more configurations have been created that will allow users to revert the SELinux configuration to a previous state or lockdown the SELinux configuration. Subsequently, the impact of the configurations on the usability of the system was verified, and the found bugs were fixed or reported. The last part verifies the functionality of the configuration against exploit vulnerabilities.
|
host ::
RSS.