PitBull LX

from Wikipedia, the free encyclopedia
Basic data

Developer: General Dynamics
Current version: Linux 2.1, Solaris 2.0
Operating system: Linux 2.6.9, Solaris 10
Category: Operating system
License: Proprietary
German-language: No
Product Overview

PitBull is a secure application environment developed by the Argus Systems Group. At the end of 2012 the company was bought by General Dynamics, one of the largest defense companies in the USA. The PitBull LX version is a modified Linux or Solaris kernel. The standard file permissions (DAC), which only apply at user level, are extended to the process level. The rights model corresponds to the lattice (or compartment) model: access rights (read, write, execute) to a file are only granted if the accessing process has all the necessary access classifications (here called domains).

In addition, network access can be restricted at the process level (so-called netrules). The filter mechanisms are similar to those of firewalls between separate systems. Interprocess communication via Unix sockets can also be restricted.

Further development of PitBull LX has been discontinued in favor of PitBull Foundation, which has the features of PitBull LX and additionally supports the hierarchical authorization structures (Top Secret, Secret, Confidential, Unclassified ...) required especially in military and public-authority environments, between different collaborating countries, organizations or partner companies, across networks using the CIPSO IP header standard.

Technology

The extended rights structures for files are stored in addition to the standard DAC authorizations in the inode table of the ext3 file system (Linux version). An accessing process must have the necessary authorizations for both rights systems (PitBull LX and DAC) for an operation (read, write, execute).
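
A simplified model of the two-stage check described above, added here as an illustration and not PitBull LX code. The domain names, the File and Process structures and the function names are hypothetical, and the DAC part is a reduced version of the Unix mode-bit check.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits as in a Unix mode triplet

@dataclass(frozen=True)
class File:
    owner: int
    group: int
    mode: int            # DAC mode bits, e.g. 0o600
    domains: frozenset   # domains required in addition to DAC (constructed labels)

@dataclass(frozen=True)
class Process:
    uid: int
    gids: frozenset
    domains: frozenset   # domains the process received when it was started

def dac_allows(p, f, want):
    """User-level check: uid 0 bypasses the read/write mode bits."""
    if p.uid == 0:
        # Even root needs at least one execute bit to execute a file.
        return not (want & X) or bool(f.mode & 0o111)
    if p.uid == f.owner:
        bits = (f.mode >> 6) & 7
    elif f.group in p.gids:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return bits & want == want

def domains_allow(p, f):
    """Compartment check: the process must hold every domain set on the file."""
    return f.domains <= p.domains

def access(p, f, want):
    """The operation is permitted only if both rights systems agree."""
    return dac_allows(p, f, want) and domains_allow(p, f)

# Constructed sample: a key file and two daemons that both run as root.
tls_key = File(owner=0, group=0, mode=0o600, domains=frozenset({"web", "secrets"}))
httpd = Process(uid=0, gids=frozenset({0}), domains=frozenset({"web", "secrets"}))
mailer = Process(uid=0, gids=frozenset({0}), domains=frozenset({"mail"}))

if __name__ == "__main__":
    print("httpd reads key: ", access(httpd, tls_key, R))
    print("mailer reads key:", access(mailer, tls_key, R))
```

In this model the mailer passes the DAC check because it runs as root, yet it is refused because it lacks the file's domains, which is the containment of root processes the article describes.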

The netrules are loaded into the PitBull LX kernel module via a configuration file (usually /etc/argus/netrules). The criteria for rules are the source and destination IP address, port, protocol (TCP, UDP, ICMP ...) and the network interface used.

In the case of executable binary files, processes receive their access classifications (domains) at start-up from additional structures stored in the inode tables. For scripts there is a wrapper program (lxexec), which passes the domains on to the script to be executed via parameters.

For assigning domains to the execution environment of user logins at the console, a PAM module is provided. The rights are fine-tuned in the file /etc/argus/users, where a distinction can be made between a local login and a remote login (for example via ssh).

Goal

The modification also makes it possible to restrict processes that are executed as the root user, so that each process runs as if it were in its own virtual machine. This significantly reduces the damage in the event of a successful hack. This is achieved by restricting access to files that are on the same system, similar to the chroot concept. In addition, the netrules restrict the communication (IP network and Unix sockets) between the services, similar to a firewall, so that the attacker does not get any further access via this detour.

Mandatory Access Control can also be used to implement much more complex authorization structures, such as those often used in the military or large authorities.

Advantages

  • The extended rights structure logically separates services executed on a system from one another so that a level of security similar to that of virtualization is achieved.
  • In contrast to other virtualization solutions, the kernel code is only executed once; multiple operating system installations (and licenses) are not necessary.
  • In contrast to chroot environments, there is no need for multiple libraries and configuration environments to exist on one system. In addition, it is not possible to restrict network access in chrooted environments. A successful attacker can thus attack other services running on the system directly from the chroot environment via the open network ports.
  • The security of the concept was proven in two open hacks, with Open Hack III offering a reward of up to $50,000.
  • Multi-level authorization concepts can be implemented.
  • The concept is similar to that of SELinux, but SELinux has no netrules or similar mechanism, so network access between processes cannot be restricted there.

Disadvantages

  • It is a paid product from General Dynamics.
  • The number of kernel hooks (far more than 2000, Linux version) makes it difficult to run other kernel patches in parallel with PitBull LX.
  • Exact knowledge of the file and network access of the individual services is necessary so that they can be efficiently secured or even function properly with the restricted rights.
