FreeBSD 5.X introduced new security extensions from the TrustedBSD project based on the POSIX®.1e draft. The most important new security mechanisms are file system Access Control Lists (ACLs) and Mandatory Access Control (MAC). Mandatory Access Control allows an administrator to enforce additional security for all subjects (e.g. processes or sockets) and objects (e.g. sockets, file system objects, sysctl nodes) in the system. The mandatory part of the definition comes from the fact that the enforcement of the controls is done by administrators and the system, and is not left up to the discretion of users as is done with discretionary access control (DAC, the normal access method).
This chapter will focus on the Mandatory Access Control framework, hereon referred to simply as MAC.
After reading this chapter, you will know:
What MAC modules are currently included in FreeBSD and their associated policies.
What MAC policies are capable of implementing, and the difference between a labeled and a non-labeled policy.
How to efficiently configure a system to use the MAC framework.
How to configure the different policies used by the MAC modules.
How to implement a secure environment using the MAC framework and the examples shown.
How to test the MAC configuration to ensure the system is properly accepting it.
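The distinction drawn above, that MAC enforcement is done by the administrator and the system rather than at the owner's discretion, and the difference between a labeled and a non-labeled policy, can be illustrated with a small model. The following Python is an added teaching example, not code from FreeBSD or the MAC framework; the three-level label lattice, the uid-pair rule list, and the subject and object records are constructed assumptions, and the model deliberately ignores groups, the "equal" label and the many other details of the real policies.

```python
"""Illustrative model of how a mandatory access decision composes with the
traditional discretionary (DAC) mode-bit check. Added example; the lattice,
rule lists and records below are constructed assumptions, not FreeBSD code."""
from dataclasses import dataclass

# Constructed sensitivity lattice for a simple labeled policy (assumption):
# a subject may read objects at or below its own level and write objects at
# or above it. The administrator assigns labels; the user cannot change them.
LEVELS = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Subject:
    uid: int
    label: str   # assigned by the administrator


@dataclass(frozen=True)
class Obj:
    owner_uid: int
    mode: int    # traditional UNIX mode bits, e.g. 0o644
    label: str


def dac_allows(subj, obj, op):
    """Discretionary check: the owner controls the mode bits, and root bypasses them."""
    bit = {"read": 4, "write": 2}[op]
    if subj.uid == 0:
        return True
    if subj.uid == obj.owner_uid:
        return bool((obj.mode >> 6) & bit)   # owner triplet
    return bool(obj.mode & bit)              # "other" triplet (groups ignored)


def labeled_policy_allows(subj, obj, op):
    """Labeled policy: the decision depends only on the two labels, never on
    ownership or uid, so neither the owner nor root can relax it here."""
    s, o = LEVELS[subj.label], LEVELS[obj.label]
    return o <= s if op == "read" else o >= s


def make_uid_rules_policy(denied_pairs):
    """Non-labeled policy: decisions keyed on (subject uid, object owner uid)
    pairs supplied by the administrator; no labels are consulted."""
    def policy(subj, obj, op):
        return (subj.uid, obj.owner_uid) not in denied_pairs
    return policy


def access_allowed(subj, obj, op, policies):
    """Model of the composition: access is granted only when DAC permits AND
    every loaded MAC policy permits. A single policy veto denies the request."""
    if not dac_allows(subj, obj, op):
        return False
    return all(policy(subj, obj, op) for policy in policies)


def demo():
    """Constructed scenarios; returns a dict of decisions for inspection."""
    labeled = labeled_policy_allows
    uid_rules = make_uid_rules_policy({(1001, 0)})   # uid 1001 may not touch root's files

    user_low = Subject(uid=1001, label="low")
    user_high = Subject(uid=1001, label="high")
    root_low = Subject(uid=0, label="low")
    own_secret = Obj(owner_uid=1001, mode=0o600, label="high")   # user owns it, labeled high
    own_public = Obj(owner_uid=1001, mode=0o600, label="low")
    root_readme = Obj(owner_uid=0, mode=0o644, label="low")      # world-readable, owned by root

    return {
        # DAC alone says yes (owner, mode 0600); the labeled policy says no.
        "owner_reads_own_high_file": access_allowed(user_low, own_secret, "read", [labeled]),
        # With no MAC policy loaded the same request is purely discretionary.
        "owner_reads_own_high_file_no_mac": access_allowed(user_low, own_secret, "read", []),
        # Root bypasses DAC but not the mandatory label check.
        "root_reads_high_file": access_allowed(root_low, own_secret, "read", [labeled]),
        # Writing "up" is permitted by this lattice; reading "down" is too.
        "low_subject_writes_high_file": access_allowed(user_low, own_secret, "write", [labeled]),
        "high_subject_reads_low_file": access_allowed(user_high, own_public, "read", [labeled]),
        # A world-readable file is still denied by the non-labeled uid rule.
        "user_reads_root_readme_with_uid_rule": access_allowed(
            user_low, root_readme, "read", [labeled, uid_rules]),
        "user_reads_root_readme_labels_only": access_allowed(
            user_low, root_readme, "read", [labeled]),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'allow' if decision else 'deny'}")
```

The point to take from the model is the AND composition in access_allowed: loading a MAC policy can only remove access that DAC would have granted, never add it, and the owner's chmod has no effect on the mandatory part of the decision.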
Before reading this chapter, you should:
Understand UNIX® and FreeBSD basics (Chapter 3).
Be familiar with the basics of kernel configuration/compilation (Chapter 9).
Have some familiarity with security and how it pertains to FreeBSD (Chapter 10).
Warning: The improper use of the information in this chapter may cause loss of access to the system, aggravation of users, or inability to access the features provided by XFree86™. More importantly, MAC should not be relied upon to completely secure a system. The MAC framework only augments existing security policy; without sound security practices and regular security checks, the system will never be completely secure.
It should also be noted that the examples contained within this chapter are just that, examples. It is not recommended that these particular settings be rolled out on a production system. Implementing these policies takes a good deal of thought. Anyone who does not fully understand exactly how everything works may find themselves going back through the entire system and reconfiguring many files or directories.
This chapter covers a broad range of security issues relating to the MAC framework; however, the development of new MAC policies is not covered. A number of modules included with the MAC framework have specific characteristics which are provided for both testing and new module development. These include the mac_test(4), mac_stub(4) and mac_none(4) modules/policies. For more information on these modules and the various mechanisms they provide, please review the manual pages.
This, and other documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/.
For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.