SELinux to replace HBSS


Matthew

Feb 9, 2013, 9:02:33 PM
to mil...@googlegroups.com
Did anyone catch the news on that? I wish I had the news piece on it. But apparently we can use SELinux in place of HBSS.

--
SimonTek
912-398-6704

Jack Gold

Feb 10, 2013, 2:47:14 AM
to mil...@googlegroups.com

Yes, for a short while now.

 

Jack Gold

--
--
You received this message because you are subscribed to the "Military Open Source Software" Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
 
www.mil-oss.org
 
---
You received this message because you are subscribed to the Google Groups "Military Open Source Software" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Steven Siebert

Feb 10, 2013, 8:35:18 AM
to mil...@googlegroups.com
Which organization(s) have declared this?  Are there any policies or memos that can be cited?

Thanks,

Steve

Gunnar Hellekson

Feb 10, 2013, 9:17:59 AM
to mil...@googlegroups.com

This was announced on the gov...@redhat.com[1] list a couple weeks ago. The text of the RHEL5 STIG's GEN006480 was changed on Jan 25 to read:

"Ask the SA or IAO if a host-based intrusion detection application is loaded on the system. The preferred intrusion detection system is McAfee HBSS available through Cybercom. If another host-based intrusion detection application, such as SELinux, is used on the system, this is not a finding."

g

[1]: https://www.redhat.com/mailman/listinfo/gov-sec

Steven Siebert

Feb 10, 2013, 9:22:00 AM
to mil...@googlegroups.com
Great information!  We're running HBSS right now and are planning on activating to SELinux in the short term.  I'll run this through our high-side accreditor.

Thanks,

S

Fen Labalme

Dec 2, 2016, 5:30:13 PM
to Military Open Source Software
Dredging up an old topic...


On Saturday, February 9, 2013 at 9:02:33 PM UTC-5, SimonTek wrote:
Did anyone catch the news on that? I wish I had the news piece on it. But apparently we can use SELinux in place of HBSS.

I'm running a live site with 70K users using Red Hat EL 7 and SELinux in Enforcing mode. Recently, the DoD compliance people have said they want to bring the system into "alignment" with others and have me install HBSS, which requires weakening SELinux to Permissive mode.

The RHEL/7 STIG contains the text (under SC-7 (CCE-26818-5) Install Intrusion Detection Software):
Note in DoD environments, supplemental intrusion detection tools, such as the McAfee Host-based Security System, are available to integrate with existing infrastructure. When these supplemental tools interfere with proper functioning of SELinux, SELinux takes precedence.

My strong preference is to keep SELinux in Enforcing mode, as I believe that is more secure. Does anyone have experience with this and/or pointers to additional evidence to back up my claim?

Thank you,
=Fen

JmcBoots

Dec 2, 2016, 5:50:47 PM
to mil...@googlegroups.com
Permissive mode disables all SELinux enforcement, thus "interfering with proper functioning".

Fen Labalme

Dec 2, 2016, 7:20:34 PM
to Military Open Source Software
Exactly. What I'm looking for is precedent I can use to support the argument that SELinux in Enforcing mode without HBSS is better (more secure) than SELinux in Permissive mode with HBSS. If the RHEL DISA STIG says this, there must be some evidence somewhere.

Matthew

Dec 3, 2016, 1:09:58 PM
to mil...@googlegroups.com
About the same as code telling me to set perms to 777. 

Matthew Conley
912-398-6704


JmcBoots

Dec 4, 2016, 9:05:38 AM
to mil...@googlegroups.com
The reason they went with SELinux over HBSS in Linux is that HIPS was only partially implemented on Linux. It does not have all the same capabilities as that of its Windows cousin. See here for a write-up:

Trevor Vaughan

Dec 5, 2016, 9:49:30 AM
to mil...@googlegroups.com
There are two major reasons that I can think of.

1) Weakening SELinux permissions means that you can only tell when someone broke into your system, you can't actually prevent it. With SELinux, you can *already* see what's going on, you don't need an additional tool.

2) In many cases, the HBSS kernel modules do not keep up with the latest vendor patches. This means that you need to hold off on potentially critical security patches until HBSS can catch up.

Also, if HBSS was a published *standard* instead of a bunch of random tools, someone could whip up a translator for auditd and SELinux logs and just feed it into the system. I thought the adoption of open standards to prevent vendor lock-in was supposed to be a Federal preference, but I guess that got killed under the vendor FUD.

Trevor


--
Trevor Vaughan
Vice President, Onyx Point, Inc

-- This account not approved for unencrypted proprietary information --
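
The two points in the post above (Enforcing blocks an action while Permissive only records it, and SELinux/auditd logs could be translated for another system) are both visible in the AVC records that auditd writes. The following Python is an added example, not code from any poster or from HBSS: the sample log lines are constructed, and the output field names and the `outcome` labels are assumptions, since the thread notes that no HBSS event standard is published.

```python
import json
import re

# Constructed sample audit.log records (not taken from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1480717834.101:411): avc:  denied  { read } for  pid=2201 comm="httpd" name="shadow" dev="dm-0" ino=8411 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1480717834.101:411): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1480717901.554:427): avc:  denied  { name_connect } for  pid=2201 comm="httpd" dest=4444 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
"""

HEADER = re.compile(r"type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): "
                    r"avc:\s+(?P<result>denied|granted)\s+\{ (?P<perms>[^}]*)\} for\s+(?P<rest>.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a normalized event dict for one AVC record, or None for other record types."""
    m = HEADER.match(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(m.group("rest"))}
    permissive = fields.get("permissive")  # field is absent on older kernels
    if m.group("result") == "granted":
        outcome = "allowed"
    elif permissive == "1":
        outcome = "logged_only"   # Permissive: the access went through
    elif permissive == "0":
        outcome = "blocked"       # Enforcing: the access was denied
    else:
        outcome = "unknown"
    return {
        "time": float(m.group("ts")),
        "serial": int(m.group("serial")),
        "permissions": m.group("perms").split(),
        "process": fields.get("comm"),
        "pid": int(fields["pid"]) if "pid" in fields else None,
        "source_context": fields.get("scontext"),
        "target_context": fields.get("tcontext"),
        "class": fields.get("tclass"),
        "outcome": outcome,
    }

def translate(log_text):
    """Translate audit log text into a list of normalized AVC events."""
    return [e for e in map(parse_avc, log_text.splitlines()) if e]

if __name__ == "__main__":
    for event in translate(SAMPLE_LOG):
        print(json.dumps(event, sort_keys=True))
```

Both sample denials come from the same process, but only the `permissive=0` record represents an access that was actually stopped; the `permissive=1` record is an after-the-fact log entry.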