[ubuntu-uk] Anybody seen this, thought it might be shown, as nobody has mentioned it on here yet.....

Phill Whiteside PhillW at Ubuntu.com
Thu Aug 22 12:56:45 UTC 2013 

SEL takes a bit of getting your head round (well, I found it the hardest
part of the Red Hat Engineer course I did).

The notes from Red Hat are very good and I include two links for those who
wish top learn more.

Regards,

Phill.
1.
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/index.html
2. http://www.redhat.com/magazine/001nov04/features/selinux/


On 22 August 2013 13:30, Tony Arnold <tony.arnold at manchester.ac.uk> wrote:

> On 22/08/13 13:06, pete smout wrote:
> > On 22/08/13 12:33, Kris Douglas wrote:
> >> On 22 August 2013 12:21, pete smout <psmouty at live.com> wrote:
> >>> On 22/08/13 11:59, pete smout wrote:
> >>>> On 22/08/13 11:41, Paul Sutton wrote:
> >>>>> On 21/08/13 22:12, scoundrel50a wrote:
> >>>>>> On 21/08/2013 17:07, Colin Law wrote:
> >>>>>>> On 21 August 2013 16:57, Gareth France <gareth.france at gmail.com>
> wrote:
> >>>>>>>> On 21/08/13 10:13, scoundrel50a wrote:
> >>>>>>>>
> >>>>>>>> Hi, I really dont understand the attitude of attack when somebody
> posts
> >>>>>>>> something like this. Not everybody is competant in using Ubuntu,
> and
> >>>>>>>> not
> >>>>>>>> everybody understands the risks involved especially considering
> for
> >>>>>>>> years
> >>>>>>>> its been pushed as a safe OS. All i have done is post this to the
> >>>>>>>> group, I
> >>>>>>>> dont appreciate this attitude. It doesnt give Ubuntu a good light
> when
> >>>>>>>> people see this.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On the whole I have stopped posting to this group since there are
> a
> >>>>>>>> number
> >>>>>>>> of people who are obviously on pedestals above us lowly minions.
> Not
> >>>>>>>> so long
> >>>>>>>> back after starting a thread I was shot down in an unforgivably
> >>>>>>>> harsh manner
> >>>>>>>> by people who made assumptions about me based on absolutely no
> >>>>>>>> evidence and
> >>>>>>>> proceeded to trample all over my opinion and my self esteem.
> >>>>>>>>
> >>>>>>>> I have said it before and I'll say it again, not everyone is an
> >>>>>>>> expert, not
> >>>>>>>> everyone understands things that are obvious to you. Be careful
> how you
> >>>>>>>> respond as we are supposed to be wanting to encourage mass
> adoption
> >>>>>>>> and as
> >>>>>>>> many new users as possible. Insulting them, depressing them,
> making
> >>>>>>>> them
> >>>>>>>> feel small, they will only leave.
> >>>>>>> I don't think we know what it was that scoundrel50a was taking
> >>>>>>> exception to as the post he complained about was not about
> anything he
> >>>>>>> said.  Scoundrel50a can you clarify exactly what it was that
> worried
> >>>>>>> you?
> >>>>>>>
> >>>>>>> Colin
> >>>>>>>
> >>>>>> I'm sorry but if you think that Peter Maddison's reply to me was
> >>>>>> acceptable then I dont see the point in saying anything, and you
> shot
> >>>>>> me down yourself. Which is why I answered the way I did.
> >>>>>>
> >>>>>> I dont see any posts on here that warn people that Linux isnt
> >>>>>> completely safe and whenever its bought up, people are treated like
> >>>>>> they are idiots and its always those people that are knowledgeable
> >>>>>> about Linux.....the rest of us are treated like I have been now.
> >>>>>>
> >>>>>> An its not just this thread its thread after thread that people are
> >>>>>> shouted down in, by the same people every time.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>> If there is a threat out there,  no matter small people should be a)
> >>>>> aware of it, and b) advised on how to avoid problems,  if everyone
> does
> >>>>> small things to protect their own systems, then surely the wider
> >>>>> community benefits,
> >>>>>
> >>>>> Look at how many bot nets are out there,  there seems to be several
> >>>>> million compromised Windows computers out there all chugging away and
> >>>>> awaiting some instruction to do something nasty,
> >>>>>
> >>>>> some of the suggestions offered are easy to implement others not so
> >>>>> unless you understand what it is asking you to do
> >>>>>
> >>>>> #
> >>>>>
> >>>>>
> >>>>> Do not install unsigned packages
> >>>>> # Do not add unofficial repositories without investigating said
> repository
> >>>>> # Keep your system up to date at all times
> >>>>> # Keep all browser plugins up to date
> >>>>> # If your distribution has SELinux, use it
> >>>>> # Do not let others install software on your machines
> >>>>> # Use solid passwords
> >>>>> # If asked to enter root user (or sudo) password, always know why
> >>>>>
> >>>>> Maybe what is needed here are links to sites that advise on all the
> >>>>> above issues,  the reference to SELinux could have a link to the
> SELinux
> >>>>> website and an explanation of what this is, why its important. useful
> >>>>> and what I should use it,  it says don't install things you don't
> >>>>> understand,  well you have asked me to install SELinux which i sort
> of
> >>>>> understand does this mean I should or should not install it,  (look
> at
> >>>>> that from a complete new user viewpoint)
> >>>>>
> >>>>>
> >>>>>
> >>>>> Sometimes when advice sounds like the obvious to an expert it really
> >>>>> does baffle the novice,  lets take a step back and address each of
> the
> >>>>> above and perhaps help people (esp new users) to make their systems
> more
> >>>>> secure through education and advice.
> >>>>>
> >>>>> I am happy to host information on the dcglug website blog if people
> can
> >>>>> help me explain each of the above points please, this information
> will
> >>>>> then be in one place and can act to help others both expert and
> novice
> >>>>> help others.
> >>>>> Hope this helps
> >>>>>
> >>>>> In fact such information could or would quite possibly be something
> to
> >>>>> include in the ubuntu-manual project and lubuntu documentation,
> >>>>>
> >>>>> Paul
> >>>>>
> >>>>>
> >>>> Hi,
> >>>> Although I have heard of SELinux I have never used it, I believe (not
> >>>> certain) that it comes as default on modern *buntu systems?!
> >>>> Does it need setting up, if so a link to a how to would be good!
> >>>> What are the benefits if using / installing it over not having it?
> >>>> What are the pitfalls of using it (for example I use the mozilla ppa
> as
> >>>> the firefox version in the Ubunutu repos is too out of date for
> certain
> >>>> webpages, let alone from a security point of view, will it allow me to
> >>>> continue using it?)
> >>>>
> >>>> I think some more research on my part is needed as in my everyday
> world
> >>>> SEL means Shelf Edge Label so the name leads to confusion ;)
> >>>>
> >>>> Good Job I'm not working today and I have the time to research, if
> >>>> anyone has some good links on the subject I (if not anyone else) would
> >>>> be interested in seeing them, But google will provide the answers im
> sure!!
> >>>>
> >>>> Thanks for giving me some more research.... I dont spend enough time
> in
> >>>> front of a screen (lol)
> >>>>
> >>>> Pete Smout
> >>>>
> >>>>
> >>> Right a quick google of 'SELinux ubuntu 13.04' a link top of page to an
> >>> Amazon page trying to sell me a Ubunutu DVD for £6.49 (even I am not
> >>> that stupid) the SELinux wiki page is helpful if long-winded, and I
> have
> >>> found a folder /selinux which is completely empty on my system? does
> >>> that mean it is there?
> >>> Or is it there and never been configured for use?
> >>> And on a single user system (as opposed to a server) do I need it at
> all?
> >>>
> >>> I apologize in advance if I (1) should start a new thread (will happily
> >>> do so), or (2) am asking stupid questions, but this thread has got me
> >>> thinking......
> >>>
> >>> Pete Smout
> >>
> >> Try searching for AppArmor, SEL is not used on Ubuntu.
> >>
> >>
> >>
> > Many thanks for the prompt replies, If it is not used what is the
> > directory for? (/selinux is completely empty)
> > A search in Synaptic for selinux shows that only libselinux1 and
> > libsemanage1 are installed on my system, are these shared libraries with
> > AppArmor or left over after upgrades (this system started out life as
> > 10.04 LTS and has been through all upgrades 10.10, 11.04 etc). I am
> > always nervous about removing lib files as the consequences may not be
> > noticed for weeks if not months, and trying to remember everything to
> > put them back is getting harder as I get older!
> >
> > As for AppArmor I have seen this mentioned when adding / removing
> > packages & updates but never had cause to investigate it. It's
> > reassuring to know that it sits there working behind the scenes to
> > protect me and my data!
> >
> > I am reasonably confidant that all the PPA's in use on my system are
> > harmless as I have pretty much only used ones from 'trustworthy' sources
> > i.e. Mozilla and hopefully I am not stupid enough to just install things
> > blindly with no research first, but as I am trying on an almost daily
> > basis to convert those less fortunate than us to the way of free open
> > source software & the delights of Ubuntu, the more info I am armed with
> > the better.
> > With great power comes great responsibility!
> >
> > The lesson here is look before you leap, only add things you can trust,
> > and if you act as a tester for app devs then make sure you can trust
> > them as there are pitfalls in the most random of places (I am sure 99.9%
> > are ok but someone has to lose this particular lotto, hopefully not me)
>
> Have a look at the package 'policycoreutils' which provides tools for
> managing SELinux. I don't think this is the same as apparmour.
>
> I could be wrong but I thought SELinux was all about implementing
> non-discretionary access controls. User's access to objects such as
> files etc is determined by who they are and what the object attributes.
> The control is set by the system manager and usually cannot be overriden
> by the user.
>
> Have a look at
> http://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria
> for more details on this.
>
> Regards,
> Tony.
> >
> > Thanks again
> >
> > Pete S
> >
> >
> >
>
>
> --
> Tony Arnold,                        Tel: +44 (0) 161 275 6093
> Head of IT Security,                Fax: +44 (0) 705 344 3082
> University of Manchester,           Mob: +44 (0) 773 330 0039
> Manchester M13 9PL.                 Email: tony.arnold at manchester.ac.uk
>
> --
> ubuntu-uk at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
> https://wiki.ubuntu.com/UKTeam/
>
> --
> https://wiki.ubuntu.com/phillw <https://wiki.ubuntu.com/UKTeam/>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-uk/attachments/20130822/a8ae9d33/attachment-0001.html>

More information about the ubuntu-uk mailing list