Category: Embedded
2010-01-21 09:10:50
As part of the SXE, a privileged Qt Extended system process known as SxeMonitor monitors security. SxeMonitor runs as a lightweight process that responds to security policy breaches. If an untrusted application breaches policy, the following steps are taken:
The Package Manager can be used to re-enable a disabled application.
Deleting or uninstalling the application automatically may not be desirable as:
If suspicious activity is detected but the errant application cannot easily be isolated, a lockdown state is initiated which:
A scenario in which this might happen is a brute-force attack that tries to guess the keys of trusted programs: if the number of negative authentications exceeds the false authentication rate (currently hardcoded to 5 per minute), then all downloaded applications are terminated and disabled.
Breaches are communicated to the SxeMonitor via a security log. The log serves to decouple the SxeMonitor from the rest of the Qt Extended system, so that the integrity of the monitor is maintained even if other parts of Qt Extended are compromised or exploited. The cost of this decoupling is reaction time: as previously mentioned, an errant forked process may die before the SxeMonitor has a chance to identify which program it belonged to. Nevertheless, malicious programs will still not have access to any sensitive resources, because requests are denied at the time they are made, independently of the monitor.
The SxeMonitor can be configured through the Sxe.conf which is located in
| Parameter | Purpose |
|---|---|
| Size | Maximum size of the log file in bytes |
| Path | Path to the log file |
| StampFormat | Regular expression describing the format of the log stamp of Qt Extended security messages |
| LidsStampFormat | Regular expression describing the format of the log stamp of LIDS-related security messages |
An example Log group entry is shown below:
```ini
[Log]
Size = 1048576
Path = /mnt/documents/.log/sxe.log
StampFormat="^([A-Z][a-z]{2}\\s+\\d{1,2}\\s+\\d{2}:\\d{2}:\\d{2}[^:]*qpe:\\s)(.*)$"
LidsStampFormat="^([A-Z][a-z]{2}\\s+\\d{1,2}\\s+\\d{2}:\\d{2}:\\d{2}[^:]*kernel:\\s)LIDS:.*\\(dev.*\\) pid (\\d*) ppid.*:(.*)$"
```
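To show how the two stamp patterns and the 5-per-minute false authentication rate described above fit together, here is an added example in Python. It is not part of the Qt Extended documentation or of SxeMonitor's own source. It reads a constructed Sxe.conf fragment based on the [Log] example, treats the doubled backslashes as the config file's escaping (an assumption), classifies constructed syslog lines with the two patterns, and applies a sliding one-minute window to the authentication failures; the wording of the log messages and the "authentication failure" keyword are invented for illustration, and the exact way SxeMonitor counts the rate is not stated on the page.

```python
import configparser
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed Sxe.conf fragment built from the [Log] example on the page.
# Assumption: the doubled backslashes are the config file's own escaping,
# so they are collapsed to single backslashes before the patterns compile.
SXE_CONF = r'''
[Log]
Size = 1048576
Path = /mnt/documents/.log/sxe.log
StampFormat="^([A-Z][a-z]{2}\\s+\\d{1,2}\\s+\\d{2}:\\d{2}:\\d{2}[^:]*qpe:\\s)(.*)$"
LidsStampFormat="^([A-Z][a-z]{2}\\s+\\d{1,2}\\s+\\d{2}:\\d{2}:\\d{2}[^:]*kernel:\\s)LIDS:.*\\(dev.*\\) pid (\\d*) ppid.*:(.*)$"
'''

FALSE_AUTH_LIMIT = 5            # breaches per minute (page: hardcoded to 5)
WINDOW = timedelta(minutes=1)

# Constructed syslog lines; hostname, pids and message wording are invented.
SAMPLE_LOG = [
    "Jan 21 09:10:50 neo qpe: authentication failure for pid 3001",
    "Jan 21 09:10:51 neo cron[10]: (root) CMD run-parts /etc/cron.hourly",
    "Jan 21 09:10:52 neo qpe: authentication failure for pid 3002",
    "Jan 21 09:10:54 neo qpe: authentication failure for pid 3003",
    "Jan 21 09:10:55 neo kernel: LIDS: qpe (dev 3:1 inode 4711) pid 2048 ppid 1 "
    "uid/gid (1000/1000) on (null tty): attempt to open /home/user/Documents/contacts.db",
    "Jan 21 09:10:56 neo qpe: authentication failure for pid 3004",
    "Jan 21 09:10:58 neo qpe: authentication failure for pid 3005",
    "Jan 21 09:11:00 neo qpe: authentication failure for pid 3006",
]


def load_log_config(text):
    """Parse the [Log] group and compile both stamp patterns."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    log = cp["Log"]

    def pattern(key):
        raw = log[key].strip('"')
        return re.compile(raw.replace("\\\\", "\\"))

    return {
        "size": int(log["Size"]),
        "path": log["Path"],
        "qpe": pattern("StampFormat"),
        "lids": pattern("LidsStampFormat"),
    }


def _stamp_time(stamp):
    # syslog stamps carry no year; only relative order inside a window matters
    month, day, clock = stamp.split()[:3]
    return datetime.strptime(f"{month} {day} {clock}", "%b %d %H:%M:%S")


def parse_line(line, cfg):
    """Classify one syslog line as a Qt Extended (qpe) message, a LIDS kernel
    message, or None for anything the monitor should ignore."""
    m = cfg["qpe"].match(line)
    if m:
        return {"source": "qpe", "time": _stamp_time(m.group(1)), "message": m.group(2)}
    m = cfg["lids"].match(line)
    if m:
        return {"source": "lids", "time": _stamp_time(m.group(1)),
                "pid": int(m.group(2)), "message": m.group(3).strip()}
    return None


def lockdown_triggered(events, limit=FALSE_AUTH_LIMIT, window=WINDOW):
    """Return the time at which more than `limit` authentication failures fall
    inside one `window`, or None. Sliding window over failure timestamps."""
    recent = deque()
    for ev in events:
        if ev is None or "authentication failure" not in ev["message"].lower():
            continue
        recent.append(ev["time"])
        while recent and ev["time"] - recent[0] >= window:
            recent.popleft()
        if len(recent) > limit:
            return ev["time"]
    return None


def analyse_log(lines, cfg):
    """Parse every line and summarise what a monitor would act on."""
    events = [parse_line(line, cfg) for line in lines]
    return {
        "qpe": sum(1 for e in events if e and e["source"] == "qpe"),
        "lids": sum(1 for e in events if e and e["source"] == "lids"),
        "ignored": sum(1 for e in events if e is None),
        "lockdown_at": lockdown_triggered(events),
    }


if __name__ == "__main__":
    print(analyse_log(SAMPLE_LOG, load_log_config(SXE_CONF)))
```

The LIDS pattern's trailing `.*:(.*)$` takes the text after the last colon as the message, so a colon inside the message itself would be lost; that is a property of the page's regex, not of this script, and worth remembering when reading LIDS lines that quote paths or URLs.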
See also SXE - System Integration for instructions to set up the security logging on a device.
When developing with an SXE-enabled build of Qt Extended on a desktop with qvfb, a security log should be set up so that the SxeMonitor process takes action in the event of a policy breach. If the security log is not set up, a warning is displayed. Processes making illegal requests will still be denied, but they will not be killed. If you are unconcerned about this, the warning can be safely ignored.
To set up the security log, which by default is /var/log/sxe.log, log messages of priority local6.err must be redirected to it, and the file must be readable by the user running Qt Extended.
The following steps show how to do the redirection on SuSE 10.2 with syslog-ng. Add a filter for the local6 facility at error level:
```
filter f_sxemon { facility(local6) and level(err); };
```
and create a new destination and log statement:
```
destination sxelog { file("/var/log/sxe.log" group(users) perm(0664)); };
log { source(src); filter(f_sxemon); destination(sxelog); };
```
Then restart syslog and make sure it is enabled at the usual runlevels:
```
/sbin/service syslog restart
/sbin/chkconfig syslog --level 345
```
Check the redirection by sending a test message, which should then appear in /var/log/sxe.log:
```
logger -p local6.err "arbitrary string"
```
If you wish to use a log file other than /var/log/sxe.log, edit the Sxe.conf file and modify the Path parameter of the Log group. Ensure that the log redirection is applied to the specified file.
Also note that in a desktop environment, the Size and LidsStampFormat parameters of the Log group in Sxe.conf are effectively ignored.