Difference between revisions of "TOMOYO"
m |
(Update for TOMOYO 1.6.7 and TOMOYO 2.2.0) |
||
Line 1: | Line 1: | ||
{|style="text-align: left; background-color: AliceBlue;" | {|style="text-align: left; background-color: AliceBlue;" | ||
|- | |- | ||
− | !Download Source | + | !Download Tools Source: |
− | |http://jaist.dl.sourceforge.jp/tomoyo/30298/ccs-tools- | + | |http://jaist.dl.sourceforge.jp/tomoyo/30298/ccs-tools-1.6.7-20090401.tar.gz |
|- | |- | ||
− | !Download Patch | + | !Download Kernel Patch: |
|http://jaist.dl.sourceforge.jp/tomoyo/30297/ccs-patch-{{TOMOYO-Version}}.tar.gz | |http://jaist.dl.sourceforge.jp/tomoyo/30297/ccs-patch-{{TOMOYO-Version}}.tar.gz | ||
− | |||
− | |||
− | |||
|-} | |-} | ||
---- | ---- | ||
− | {{Package-Introduction|The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles. For more information, see http://tomoyo.sourceforge.jp/wiki-e/?WhatIs.|http://tomoyo.sourceforge.jp/en/2. | + | {{Package-Introduction|The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles. For more information, see http://tomoyo.sourceforge.jp/wiki-e/?WhatIs.|http://tomoyo.sourceforge.jp/en/2.2.x/}} |
== Dependencies == | == Dependencies == | ||
− | * None no more package required for LFS Linux. | + | * None (no more package required for LFS Linux.) |
== Rebuild Kernel == | == Rebuild Kernel == | ||
− | === Version 2.6. | + | === Version 2.6.29.1 Kernel and TOMOYO {{TOMOYO-Version}} === |
− | |||
− | |||
− | + | Download the ccs-patch-{{TOMOYO-Version}}.tar.gz file and put it in kernel source directory, Patch the kernel source: | |
− | |||
+ | tar xzvf ccs-patch-{{TOMOYO-Version}}.tar.gz && | ||
+ | patch -Np1 -i patches/ccs-patch-2.6.29.diff | ||
Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features. | Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features. | ||
− | === Version 2.6. | + | === Version 2.6.30-rc1 Kernel and TOMOYO 2.2 === |
− | |||
− | |||
− | + | Download 2.6.30-rc1 or later and extract it. | |
− | Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features. Go to "Security options" screen | + | Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features. Go to "Security options" screen and select "TOMOYO Linux support" as shown below. |
+ | [ ] Enable access key retention support | ||
[*] Enable different security models | [*] Enable different security models | ||
− | + | -*- Enable the securityfs filesystem | |
− | + | [ ] Socket and Networking Security Hooks | |
− | [ ] | + | -*- Security hooks for pathname based access control |
− | [*] TOMOYO Linux | + | [ ] File POSIX Capabilities |
+ | (0) Low address space to protect from user allocation | ||
+ | [*] TOMOYO Linux Support | ||
= Build TOMOYO Tools = | = Build TOMOYO Tools = | ||
− | Download the ccs-tools- | + | Download the ccs-tools-1.6.7-20090401.tar.gz file and put it somewhere. |
Change directory to ccstools/ . | Change directory to ccstools/ . | ||
Line 105: | Line 102: | ||
You will get initial configuration files in /etc/ccs/ directory. | You will get initial configuration files in /etc/ccs/ directory. | ||
− | == Configuring TOMOYO 2. | + | == Configuring TOMOYO 2.2.0 == |
Run tomoyo_init_policy.sh to perform initial configuration for TOMOYO 2.x. | Run tomoyo_init_policy.sh to perform initial configuration for TOMOYO 2.x. | ||
Line 139: | Line 136: | ||
root=/dev/hda8 ro vga=791 video=neofb:ywrap,mtrr acpi=off CCS=default | root=/dev/hda8 ro vga=791 video=neofb:ywrap,mtrr acpi=off CCS=default | ||
+ | |||
+ | Add boot parameter security=tomoyo to enable TOMOYO Linux 2.2.0, as shown below. | ||
+ | |||
+ | root=/dev/hda8 ro vga=791 video=neofb:ywrap,mtrr acpi=off CCS=default security=tomoyo | ||
= Configuring Policy to Guard Linux as Needed = | = Configuring Policy to Guard Linux as Needed = | ||
Line 144: | Line 145: | ||
Login to the system as root user, and run editpolicy included in TOMOYO Linux tools. | Login to the system as root user, and run editpolicy included in TOMOYO Linux tools. | ||
− | /usr/ | + | /usr/sbin/ccs-editpolicy |
= Contents = | = Contents = | ||
+ | |||
+ | {| style="text-align: left;" | ||
+ | |-valign="top" | ||
+ | !Installed Directories: | ||
+ | | /sbin | ||
+ | |-valign="top" | ||
+ | !Installed Programs: | ||
+ | |ccs-init, tomoyo-init | ||
+ | |-valign="top" | ||
+ | !Installed Libraries: | ||
+ | | | ||
+ | |} | ||
+ | |||
+ | |||
+ | {| style="text-align: left;" | ||
+ | |-valign="top" | ||
+ | !Installed Directories: | ||
+ | |/usr/sbin | ||
+ | |-valign="top" | ||
+ | !Installed Programs: | ||
+ | |ccs-editpolicy, ccs-setlevel, ccs-setprofile, ccs-ccstree, ccs-savepolicy, ccs-auditd, ccs-findtemp, ccs-sortpolicy, ccs-ld-watch, ccs-queryd, ccs-checkpolicy | ||
+ | |-valign="top" | ||
+ | !Installed Libraries: | ||
+ | | | ||
+ | |} | ||
+ | |||
{| style="text-align: left;" | {| style="text-align: left;" | ||
Line 154: | Line 181: | ||
|-valign="top" | |-valign="top" | ||
!Installed Programs: | !Installed Programs: | ||
− | |tomoyo_init_policy.sh, init_policy.sh, editpolicy | + | |tomoyo_init_policy.sh, init_policy.sh, editpolicy, setlevel, setprofile, ccstree, savepolicy, makesyaoranconf, ccs-auditd, ccs-notifyd, findtemp, sortpolicy, ld-watch, ccs-queryd, checkpolicy |
|-valign="top" | |-valign="top" | ||
!Installed Libraries: | !Installed Libraries: | ||
Line 164: | Line 191: | ||
{| style="text-align: left;" | {| style="text-align: left;" | ||
|-valign="top" | |-valign="top" | ||
− | !editpolicy | + | !ccs-editpolicy |
− | |Edits the current policy in /proc/ccs/ directory | + | |Edits the current policy in /proc/ccs/ or /sys/kernel/security/tomoyo/ directory |
|-valign="top" | |-valign="top" | ||
− | ! | + | !ccs-setlevel |
− | | | + | |Changes the current control level (i.e. writing to /proc/ccs/profile or /sys/kernel/security/tomoyo/profile ) and displays the new control level. |
|-valign="top" | |-valign="top" | ||
− | ! | + | !ccs-setprofile |
− | |||
− | |||
− | |||
|Assigns a profile to domains. | |Assigns a profile to domains. | ||
|-valign="top" | |-valign="top" | ||
− | !ccstree | + | !ccs-ccstree |
|Lists the domainnames of currently running processes belong to and the profile numbers the domains currently assigned to. | |Lists the domainnames of currently running processes belong to and the profile numbers the domains currently assigned to. | ||
|-valign="top" | |-valign="top" | ||
− | !savepolicy | + | !ccs-savepolicy |
|Saves the on-memory policy onto disk. | |Saves the on-memory policy onto disk. | ||
|-valign="top" | |-valign="top" | ||
Line 188: | Line 212: | ||
|Reads from /proc/ccs/grant_log and /proc/ccs/reject_log and writes to the location given in the commandline parameters. | |Reads from /proc/ccs/grant_log and /proc/ccs/reject_log and writes to the location given in the commandline parameters. | ||
|-valign="top" | |-valign="top" | ||
− | !sortpolicy | + | !ccs-sortpolicy |
|Remove duplicated entry from logs written by "ccs-auditd". | |Remove duplicated entry from logs written by "ccs-auditd". | ||
|-valign="top" | |-valign="top" | ||
− | !findtemp | + | !ccs-findtemp |
|Reads domain policy from standard input and checks the existence of pathnames, and dumps the nonexistent pathnames. | |Reads domain policy from standard input and checks the existence of pathnames, and dumps the nonexistent pathnames. | ||
|-valign="top" | |-valign="top" | ||
− | !ld-watch | + | !ccs-ld-watch |
|Appends shared libraries to exception policy automatically using "allow_read" directive when the location of shared libraries in /etc/ld.so.cache has changed. | |Appends shared libraries to exception policy automatically using "allow_read" directive when the location of shared libraries in /etc/ld.so.cache has changed. | ||
|-valign="top" | |-valign="top" | ||
Line 205: | Line 229: | ||
|-valign="top" | |-valign="top" | ||
− | !checkpolicy | + | !ccs-checkpolicy |
|Reads policy files from standard input and checks syntaxes. | |Reads policy files from standard input and checks syntaxes. | ||
|-valign="top" | |-valign="top" | ||
!ccs-init | !ccs-init | ||
− | |Loads policy files from /etc/ccs/ directory. | + | |Loads policy files from /etc/ccs/ directory. Put this program as /sbin/ccs-init , and this program will be invoked automatically when execution of /sbin/init is requested by initrd. |
− | + | |-valign="top" | |
− | Put this program as /sbin/ | + | !tomoyo-init |
+ | |Loads policy files from /etc/tomoyo/ directory. Put this program as /sbin/tomoyo-init , and this program will be invoked automatically when execution of /sbin/init is requested by initrd. | ||
|} | |} | ||
[[Category:Security]] | [[Category:Security]] |
Revision as of 17:25, 11 April 2009
Contents
Introduction to TOMOYO
The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles. For more information, see http://tomoyo.sourceforge.jp/wiki-e/?WhatIs.
Project Homepage: http://tomoyo.sourceforge.jp/en/2.2.x/
Dependencies
- None (no more package required for LFS Linux.)
Rebuild Kernel
Version 2.6.29.1 Kernel and TOMOYO 1.7.2-2010804
Download the ccs-patch-1.7.2-2010804.tar.gz file and put it in kernel source directory, Patch the kernel source:
tar xzvf ccs-patch-1.7.2-2010804.tar.gz && patch -Np1 -i patches/ccs-patch-2.6.29.diff
Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features.
Version 2.6.30-rc1 Kernel and TOMOYO 2.2
Download 2.6.30-rc1 or later and extract it.
Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features. Go to "Security options" screen and select "TOMOYO Linux support" as shown below.
[ ] Enable access key retention support [*] Enable different security models -*- Enable the securityfs filesystem [ ] Socket and Networking Security Hooks -*- Security hooks for pathname based access control [ ] File POSIX Capabilities (0) Low address space to protect from user allocation [*] TOMOYO Linux Support
Build TOMOYO Tools
Download the ccs-tools-1.6.7-20090401.tar.gz file and put it somewhere.
Change directory to ccstools/ .
Non-Multilib
Compile the package:
make
Install the package:
make install
Multilib
32Bit
Compile the package:
make CC="gcc ${BUILD32}"
Install the package:
make install
N32
Compile the package:
sed -i 's@/usr/lib@/usr/lib32@g' Makefile && make CC="gcc ${BUILDN32}"
Install the package:
make install
64Bit
Compile the package:
sed -i 's@/usr/lib@/usr/lib64@g' Makefile && make CC="gcc ${BUILD64}"
Install the package:
make install
Configuring
Configuring TOMOYO 1.7.2-2010804
Run init_policy.sh to perform initial configuration for ccs patch
/usr/lib/ccs/init_policy.sh
You will get initial configuration files in /etc/ccs/ directory.
Configuring TOMOYO 2.2.0
Run tomoyo_init_policy.sh to perform initial configuration for TOMOYO 2.x.
/usr/lib/ccs/tomoyo_init_policy.sh
You will get initial configuration files in /etc/tomoyo/ directory.
Configuring TOMOYO Audit Logging
cat > /etc/rc.d/init.d/ccs-auditd << EOF #!/bin/sh /usr/lib/ccs/ccs-auditd /dev/null /var/log/tomoyo/reject_log.txt EOF
chmod +x /etc/rc.d/init.d/ccs-auditd
for i in 2 3 4 5; do ln -sv ../init.d/ccs-auditd /etc/rc.d/rc${i}.d/S99ccs-auditd; done
mkdir -p /var/log/tomoyo
Configuring TOMOYO to Begin from Learning Mode
Configure TOMOYO Linux to learn system behavior.
echo '<kernel>' > /etc/tomoyo/domain_policy.conf echo 'use_profile 1' >> /etc/tomoyo/domain_policy.conf
Boot TOMOYO Linux
boot parameter CCS=<name> can be used to load profile /etc/ccs/profile-<name>.conf; without CCS being set or CCS=default, /etc/ccs/profile.conf will be loaded; with CCS=ask to let user select from available policies in /etc/ccs/ at boot time; with CCS=disable to boot as usual Linux without TOMOYO protection.
root=/dev/hda8 ro vga=791 video=neofb:ywrap,mtrr acpi=off CCS=default
Add boot parameter security=tomoyo to enable TOMOYO Linux 2.2.0, as shown below.
root=/dev/hda8 ro vga=791 video=neofb:ywrap,mtrr acpi=off CCS=default security=tomoyo
Configuring Policy to Guard Linux as Needed
Login to the system as root user, and run editpolicy included in TOMOYO Linux tools.
/usr/sbin/ccs-editpolicy
Contents
Download Tools Source: | http://jaist.dl.sourceforge.jp/tomoyo/30298/ccs-tools-1.6.7-20090401.tar.gz |
---|---|
Download Kernel Patch: | http://jaist.dl.sourceforge.jp/tomoyo/30297/ccs-patch-1.7.2-2010804.tar.gz |
Installed Directories: | /sbin |
---|---|
Installed Programs: | ccs-init, tomoyo-init |
Installed Libraries: |
Installed Directories: | /usr/sbin |
---|---|
Installed Programs: | ccs-editpolicy, ccs-setlevel, ccs-setprofile, ccs-ccstree, ccs-savepolicy, ccs-auditd, ccs-findtemp, ccs-sortpolicy, ccs-ld-watch, ccs-queryd, ccs-checkpolicy |
Installed Libraries: |
Installed Directories: | /usr/lib/ccs |
---|---|
Installed Programs: | tomoyo_init_policy.sh, init_policy.sh, editpolicy, setlevel, setprofile, ccstree, savepolicy, makesyaoranconf, ccs-auditd, ccs-notifyd, findtemp, sortpolicy, ld-watch, ccs-queryd, checkpolicy |
Installed Libraries: |
Short Descriptions
ccs-editpolicy | Edits the current policy in /proc/ccs/ or /sys/kernel/security/tomoyo/ directory |
---|---|
ccs-setlevel | Changes the current control level (i.e. writing to /proc/ccs/profile or /sys/kernel/security/tomoyo/profile ) and displays the new control level. |
ccs-setprofile | Assigns a profile to domains. |
ccs-ccstree | Lists the domainnames of currently running processes belong to and the profile numbers the domains currently assigned to. |
ccs-savepolicy | Saves the on-memory policy onto disk. |
makesyaoranconf | Generates syaoran.conf, the configuration file for SYAORAN (the Tamper-Proof /dev filesystem). You can use SYAORAN filesystem if you want to run the system with read-only root fs or you want to prevent device files from tampering. |
ccs-auditd | Reads from /proc/ccs/grant_log and /proc/ccs/reject_log and writes to the location given in the commandline parameters. |
ccs-sortpolicy | Remove duplicated entry from logs written by "ccs-auditd". |
ccs-findtemp | Reads domain policy from standard input and checks the existence of pathnames, and dumps the nonexistent pathnames. |
ccs-ld-watch | Appends shared libraries to exception policy automatically using "allow_read" directive when the location of shared libraries in /etc/ld.so.cache has changed. |
ccs-queryd | Detects policy violation and displays the access request. You can tell the system whether the access request should be granted (or granted and policy should be appended to grant the access request) or rejected after you validate the access request.
By running this program while updating packages, you can avoid errors due to insufficient permissions. Never grant access requests unconditionally. The cause of policy violation is not always updating packages, but may by malicious requests by attackers. If you grant access requests caused by malicious requests by attackers, the system gets intruded. |
ccs-checkpolicy | Reads policy files from standard input and checks syntaxes. |
ccs-init | Loads policy files from /etc/ccs/ directory. Put this program as /sbin/ccs-init , and this program will be invoked automatically when execution of /sbin/init is requested by initrd. |
tomoyo-init | Loads policy files from /etc/tomoyo/ directory. Put this program as /sbin/tomoyo-init , and this program will be invoked automatically when execution of /sbin/init is requested by initrd. |