Abstract
SELinux lacks methods to prove compliance with security policies and to detect change. The SELinux Integrity Instrumentation (SII) parses key parts of SELinux and the Linux operating system that provide a configuration baseline. SII uses sets of hashing algorithms that allow snapshots to be taken and compared against the baseline. Configuration changes to services, Booleans, and file context were detected, and the differences were displayed. Further, the type (domain) is parsed, and relationships between services, Booleans, and file context can be viewed based on the domain. SII offers a foundation that can be explored for use standalone or integrated into existing SELinux tools. SII can be used by security administrators to ensure configuration integrity and to audit configurations against security goals. It is critical to measure what needs to be managed, and SII brings a unique and innovative way to help manage SELinux.
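The baseline-and-snapshot comparison described above, as an added example that is not SII's code. It assumes Boolean lines in `getsebool -a` format and file-context lines in `semanage fcontext -l` format, uses SHA-256 alone as the hash, and all function names and sample values are constructed for illustration.

```python
import hashlib

def parse_booleans(text):
    """Parse `getsebool -a` style lines: 'name --> on|off'."""
    out = {}
    for line in text.strip().splitlines():
        name, _, state = line.partition("-->")
        out[name.strip()] = state.strip()
    return out

def parse_fcontexts(text):
    """Parse 'path  file-type  user:role:type:level' lines into path -> context."""
    out = {}
    for line in text.strip().splitlines():
        fields = line.split()
        out[fields[0]] = fields[-1]
    return out

def digest(items):
    """Order-independent SHA-256 over one category's key/value pairs."""
    h = hashlib.sha256()
    for key in sorted(items):
        h.update(f"{key}\0{items[key]}\n".encode())
    return h.hexdigest()

def diff(base, snap):
    """Return {key: (baseline_value, snapshot_value)} for every difference."""
    return {k: (base.get(k), snap.get(k))
            for k in sorted(base.keys() | snap.keys())
            if base.get(k) != snap.get(k)}

def compare(base, snap):
    """Hash first; compute the item-level diff only when the digests differ."""
    return {} if digest(base) == digest(snap) else diff(base, snap)

def by_type(changes):
    """Group changed file-context paths by the SELinux type in either context."""
    groups = {}
    for path, contexts in changes.items():
        for ctx in filter(None, contexts):
            groups.setdefault(ctx.split(":")[2], set()).add(path)
    return groups

# Constructed sample data (assumed values, not taken from the paper).
BASE_BOOLS = parse_booleans("httpd_can_network_connect --> off\nhttpd_enable_cgi --> on")
SNAP_BOOLS = parse_booleans("httpd_enable_cgi --> on\nhttpd_can_network_connect --> on")
BASE_FC = parse_fcontexts("/var/www(/.*)?  all files  system_u:object_r:httpd_sys_content_t:s0\n"
                          "/srv/ftp(/.*)?  all files  system_u:object_r:public_content_t:s0")
SNAP_FC = parse_fcontexts("/var/www(/.*)?  all files  system_u:object_r:httpd_sys_rw_content_t:s0\n"
                          "/srv/ftp(/.*)?  all files  system_u:object_r:public_content_t:s0")
```

Calling `compare(BASE_BOOLS, SNAP_BOOLS)` reports the flipped Boolean, and `by_type(compare(BASE_FC, SNAP_FC))` lists the relabelled path under both its old and new type.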