Are you a sysadmin and feeling paranoid? Let's promote security hardening to another level. Perhaps, with the concept of Application Whitelisting you will be able to sleep again.
In this session we are going to harden a Linux system with a file access policy daemon - fapolicyd. This daemon enables administrators to block or allow specific applications and executables using a fine-grained policy. We plan to explore the daemon’s possibilities and we want to get through its configuration. We will analyze multiple variations of set ups and evaluate their security aspects. We are going to demonstrate with an altered binary how integrity checking enablement prevents malicious attack. After the session, attendees will understand how to follow a problem and design their own policy with security in mind.
This presentation is based on Red Hat/Fedora Linux environment.
Please note that this talk replaces one entitled "Sudo logs for Blue Teamers" that was due to have been given by Peter Czanik, who has sent his apologies but is now unable to attend as he has fallen ill. We wish him a speedy recovery.
Speakers: Radovan Sroka