With security requirements on the rise throughout much of the world, the demand for a more secure environment has increased. It is from this demand that the TrustedBSD project was founded with nothing more than security in mind. The TrustedBSD project aims at developing userland utilities and kernel interfaces, based on the POSIX®.1e draft, and merging them back into FreeBSD 5.X. While still in the development stage, many of the features are nearing production stability. Some of those include file system Access Control Lists (ACLs) and Mandatory Access Control (MAC) mechanisms.
So what is MAC? Mandatory Access Controls are rules that control how users access a system in order to prohibit the unauthorized disclosure of any system or user data; or provide for the indefinite integrity of system objects or subjects. For a definition of what objects and subjects are, see below. The mandatory part of the definition comes from the fact that the enforcement of the controls is done by administrators and the system, and is not left up to the discretion of users as is done with discretionary access controls (DAC, the normal access method).
This entire chapter will focus primarily on the features of the Mandatory Access Control framework, hereafter referred to simply as MAC. As more features are brought into FreeBSD 5.X, they will be added here.
After reading this chapter, you will know:
What MAC modules are currently included in FreeBSD and their associated policies.
What MAC policies are capable of implementing, and the difference between a labeled and a non-labeled policy.
How to efficiently configure a system to use the MAC framework.
How to configure the different policies used by the MAC modules.
How to implement a secure environment using the MAC framework and the examples shown.
How to test the MAC configuration to ensure the system is properly accepting it.
Before reading this chapter, you should:
Understand UNIX® and FreeBSD basics (Chapter 3).
Be familiar with keeping FreeBSD sources up to date (Chapter 22), and the basics of kernel configuration/compilation (Chapter 9).
Have some familiarity with security and how it pertains to FreeBSD (Chapter 10).
Warning: Please take notice that the improper use of the following information may cause loss of access to the system, aggravation of users, and inability to access the features provided by XFree86™, and that it should not be believed to completely secure a system. The MAC framework only augments security: without a good security policy and regular security checks, believing the system to be totally secure would be completely irrational.
It should also be noted that the examples contained within this chapter are just that, examples. It is not recommended that these particular settings be rolled out on a production system. Implementing these policies takes a good deal of thought. One who does not fully understand exactly how everything works may find him or herself going back through the entire system and reconfiguring many files or directories.
This chapter covers a broad range of security in respect to the MAC framework. It is important to note that the development of MAC policies will not be covered. Writing new policies is completely beyond the initial scope of this document. As such, some policies included with the MAC framework are not covered. These include the mac_test(4), mac_stub(4) and mac_none(4) modules/policies. Each of these modules has specific characteristics which are provided for both testing and new module development.
For more information on these modules and the various mechanisms they provide, review the manual pages provided.
This, and other documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/.
For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.