A couple of questions.. about how to use roles effectively.

Submit your RBAC policies or suggest policy improvements

A couple of questions.. about how to use roles effectively.

Postby m3thos » Thu Jan 06, 2005 10:41 pm

Hi there,
I have some doubts on how to use roles effectively...
I've used grsec1, but never used grsec2 acl system until now.

0)
With grsec2, I though about creating a policy for user root (for
everything that runs has root) (without doing sysadm tasks).
Also put services and setuids in learning mode..
and maybe a learning mode for my user.. since I do everything in it..
if this user is compromised its just has worse has having root compromised.

Is this approach a correct one, to secure a personal/critical machine?
Even for larger deployments, does something like this, were we have policies for critical services/apps + policies for sysadms, and priveleged users look OKAY?


1) role for user root - is this wrong?
I'm doing learning for two roles of the two user acount used in my
computer, that's root and "m3thos".
I have a role for root because:
a) I run a bunch of apps has root cpudynd, ppbuttonsd(hardware manager for lcd brightness, sound volume, etc..)
gpm, and without this role, they were failing due to the default role
not being in learning mode.
b) every program that runs has root is a target for a potencial escalation of priveleges to root (root exploit..) and has such, I should have policys for those subjects.

Is it advisable to have a role for user root ?


2) policies to some critical apps/services..where?
With grsec1 I created policies only for certain apps/services, and
the rest of the system didn't had ACLs...

How should I do to have setuids and running services with special policies in grsec2?
What I did was, on the default role put some subjects that are setuids or
regular services (fcron/syslog-ng/vsftpd/gpg/ssh/nfs/samba etc..) in learning
mode...
Since there is a role for root, and those processes are running has
root (sshd, samba, vsftpd, fcron etc.. are all running has root).
2a - Does putting this subjects in learning mode under the default role makes any sence ?
2b - Having the user root in learning mode allready covers these cases?
2c - In which role should I have policies for these kind of services ?


3) Does the RBAC system bypasses tradicional UNIX permissions?
Can I use a sysadm user (m3thos) to do sysadm tasks without su'ing to root? After changing to "admin" role using gradm that is...
Like loading and removing modules, starting up and stoping networking
interfacer ..view the system logs.. etc?
Basically does the grsec admin role bypass the tradicional UNIX
permissions.. allowing a "specified non root" user to do modprobe and
rmmod.. and other stuff like that?

thanks in advance!
m3thos
 
Posts: 3
Joined: Thu Dec 18, 2003 2:51 pm

Return to RBAC policy development