2016-12-06 22:49:33

by walid.fakim

Subject: [refpolicy] SELinux and IMA

Hi Guys,

Does anyone here have experience of using both SELinux & Integrity Measurement Architecture (IMA) on a target system? From my online reading, they perform different functions and achieve different security goals - how do they perform when used together?

Would be great to hear anyone's experience, good or bad.

Thanks.

Best Regards,

Walid Fakim



2016-12-08 13:21:25

by Jason Zaman

Subject: [refpolicy] SELinux and IMA

On Tue, Dec 06, 2016 at 10:49:33PM +0000, Fakim, Walid via refpolicy wrote:
> Hi Guys,
>
> Does anyone here have experience of using both SELinux & Integrity Measurement Architecture (IMA) on a target system? From my online reading, they perform different functions and achieve different security goals - how do they perform when used together?
>
> Would be great to hear anyone's experience, good or bad.

I don't personally have much experience, but here is some info that Sven
has put on the Gentoo wiki.

https://wiki.gentoo.org/wiki/Project:Integrity
https://wiki.gentoo.org/wiki/Integrity
https://wiki.gentoo.org/wiki/Integrity_Measurement_Architecture
https://wiki.gentoo.org/wiki/Extended_Verification_Module

AIUI, there is more of a link between EVM and SELinux than between IMA
and SELinux so you might want to look at that as well.

I use tboot (Intel TXT) on my laptop so know that part and TPM
interaction but I have not had the time to fully explore IMA and what
happens there.

Is there something specific you are trying to work on? Maybe if you
explained more what you're looking for we could provide more pointers?

-- Jason

2016-12-08 18:01:17

by sven.j.vermeulen

Subject: [refpolicy] SELinux and IMA

You can use IMA and SELinux together perfectly. With EVM you can even
protect SELinux attributes from being tampered with. The documentation
surrounding IMA/EVM is limited though.

On Dec 6, 2016 11:50 PM, "Fakim, Walid via refpolicy" <
[email protected]> wrote:

> Hi Guys,
>
> Does anyone here have experience of using both SELinux & Integrity
> Measurement Architecture (IMA) on a target system? From my online reading,
> they perform different functions and achieve different security goals - how
> do they perform when used together?
>
> Would be great to hear anyone's experience, good or bad.
>
> Thanks.
>
> Best Regards,
>
> Walid Fakim

2016-12-12 22:18:24

by walid.fakim

Subject: [refpolicy] SELinux and IMA

Hi Jason,

Apologies for the late response. I went through the existing info from the Gentoo website which has been helpful.

>>> Is there something specific you are trying to work on? Maybe if you explained more what you're looking for we could provide more pointers?

I was just looking at some host-level security tools that would be complementary to one another; I looked into grsecurity, SELinux and IMA/EVM. Since grsecurity's costs are prohibitive for our budget ;) and IMA/EVM is still a bit too "bleeding edge", we have ruled them out of our security suite for now.

Thanks.

Best Regards,

Walid Fakim

-----Original Message-----
From: Jason Zaman [mailto:jason at perfinion.com]
Sent: 08 December 2016 13:21
To: Fakim, Walid
Cc: refpolicy at oss.tresys.com
Subject: Re: [refpolicy] SELinux and IMA

On Tue, Dec 06, 2016 at 10:49:33PM +0000, Fakim, Walid via refpolicy wrote:
> Hi Guys,
>
> Does anyone here have experience of using both SELinux & Integrity Measurement Architecture (IMA) on a target system? From my online reading, they perform different functions and achieve different security goals - how do they perform when used together?
>
> Would be great to hear anyone's experience, good or bad.

I don't personally have much experience, but here is some info that Sven has put on the Gentoo wiki.

https://wiki.gentoo.org/wiki/Project:Integrity
https://wiki.gentoo.org/wiki/Integrity
https://wiki.gentoo.org/wiki/Integrity_Measurement_Architecture
https://wiki.gentoo.org/wiki/Extended_Verification_Module

AIUI, there is more of a link between EVM and SELinux than between IMA and SELinux so you might want to look at that as well.

I use tboot (Intel TXT) on my laptop so know that part and TPM interaction but I have not had the time to fully explore IMA and what happens there.

Is there something specific you are trying to work on? Maybe if you explained more what you're looking for we could provide more pointers?

-- Jason