Group 08

Uploaded by

Ayubu Zuberi

THE UNIVERSITY OF DODOMA

COLLEGE OF INFORMATICS AND VIRTUAL EDUCATION

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING (CSE)

GROUP ASSIGNMENT 1 REPORT


OPERATING SYSTEM SECURITY (IA 313)
S/N STUDENT NAME REGISTRATION NUMBER

1. SAID ATHUMAN T22-03-10341

2. AMANI NSEMWA T22-03-04265

3. ESTER HUNJA T22-03-09216

4. RAHIM SELEMAN T22-03-01684

5. ANDREW LAMECK T22-03-07308

6. LALASHE SAITABAU T22-03-07356

7. RAUHIYA ISSA SAID T22-03-05687

8. JOYCE CHARLES T22-03-11700

9. BRIAN SHIRIMA T22-03-09402

10. SAMSON MAGAWA T22-03-05154


With the help of commands, show how GPG and SELinux work

GPG (GNU Privacy Guard)


GPG is a tool used for encrypting and signing data and communications. It ensures
confidentiality, integrity, and authentication. It uses public-key cryptography, where each user
has a public and private key.
How GPG Works:
Encryption: Data is encrypted using a recipient's public key and can only be decrypted with
the matching private key.
Signing: A digital signature can be created with a sender's private key, allowing the recipient
to verify the sender's identity.
Verification: The recipient checks the signature with the sender's public key, which also
ensures that the message or file hasn't been altered.

Example Commands:
1. Generate a Key Pair:
As part of our practical exercise on using GPG, we followed these steps to generate a key
pair:
1. Key Type Selection:
We started by selecting the type of key to generate. We chose the default option, "RSA
and RSA," which allows the creation of a key pair for encryption and signing.
2. Key Size Specification:
Next, we were prompted to specify the size of the RSA key. We entered 1024 as the key
size, which is within the supported range of 1024 to 4096 bits. This key size was selected
for demonstration purposes, though larger sizes provide stronger security.
3. Key Expiration Setting:
We then specified how long the key should remain valid. To ensure the key remains
usable indefinitely, we entered 0 for no expiration.
4. User Identification:
We provided the following details to create a unique User ID for the key:
• Name: Amani
• Email: [email protected]
• Comment: Amani RSA Keys
This information was displayed to confirm the User ID before proceeding.
5. Entropy Generation:
Finally, the system required the generation of random data (entropy) to create the key
securely. We followed the instructions to perform actions such as moving the mouse and
typing on the keyboard, which helped the system gather sufficient randomness for
cryptographic strength.
This process successfully generated a GPG key pair, which can now be used for secure
communication and data protection.
2. Export Public Key
We can share our public key so others can encrypt messages for us using the command:

3. Import a Public Key


To add someone else’s public key to our keyring, we use:

4. Encrypt a File
We encrypt a file using the recipient’s public key with:

This will create a message.txt.gpg.
5. Decrypt a File
To decrypt the file using our private key, we run:

6. Sign a File
We can create a digital signature for a file using:

7. Verify a Signature
To verify a file’s signature, we use the command:
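
The seven steps above, run end to end as one unattended script (an added example, not the commands the report's authors ran). It assumes GnuPG 2.1 or later; the identities "bob" and "alice", the address bob@example.invalid, the file names and the two separate keyrings are constructed for illustration, and it uses 3072-bit RSA rather than the report's 1024-bit demonstration size.

```shell
#!/bin/sh
# Added example. "bob" (recipient) and "alice" (sender) are constructed
# identities with separate throwaway keyrings under a temp directory.
gpg_roundtrip() {
    work=$(mktemp -d) || return 1
    bob="$work/bob"; alice="$work/alice"
    mkdir -m 700 "$bob" "$alice" || return 1
    # 1. Generate an RSA/RSA key pair unattended. %no-protection skips the
    #    passphrase, which is acceptable only for a disposable demo key.
    cat > "$work/params" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: Demo Recipient
Name-Email: bob@example.invalid
Expire-Date: 0
%commit
EOF
    gpg --homedir "$bob" --batch --quiet --gen-key "$work/params" || return 1
    # 2. Bob exports his public key; 3. Alice imports it.
    gpg --homedir "$bob" --armor --export bob@example.invalid > "$work/bob.asc"
    gpg --homedir "$alice" --batch --quiet --import "$work/bob.asc" || return 1
    # 4. Alice encrypts to Bob. An imported key has no trust yet, so batch
    #    mode needs --trust-model always (or a prior fingerprint check).
    printf 'constructed test message\n' > "$work/message.txt"
    gpg --homedir "$alice" --batch --quiet --trust-model always \
        --recipient bob@example.invalid --encrypt "$work/message.txt" || return 1
    # 5. Bob decrypts with his private key.
    gpg --homedir "$bob" --batch --quiet --output "$work/plain.txt" \
        --decrypt "$work/message.txt.gpg" 2>/dev/null || return 1
    cmp -s "$work/message.txt" "$work/plain.txt" && echo "decrypt: plaintext matches"
    # 6. Bob makes a detached signature; 7. Alice verifies it.
    gpg --homedir "$bob" --batch --quiet --detach-sign "$work/message.txt" || return 1
    gpg --homedir "$alice" --batch --verify "$work/message.txt.sig" \
        "$work/message.txt" 2>/dev/null && echo "verify: good signature"
    # Any change to the signed file must make verification fail.
    printf 'extra line\n' >> "$work/message.txt"
    if gpg --homedir "$alice" --batch --verify "$work/message.txt.sig" \
        "$work/message.txt" 2>/dev/null; then echo "tamper: NOT detected"
    else echo "tamper: detected"; fi
    for h in "$bob" "$alice"; do gpgconf --homedir "$h" --kill all 2>/dev/null || true; done
    rm -rf "$work"
}
# Call gpg_roundtrip to run all seven steps; it prints three status lines.
```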

SELinux (Security-Enhanced Linux)
SELinux is a Linux kernel security module that enforces mandatory access controls
(MAC). It defines access policies for processes and files, restricting unauthorized actions
even if an attacker gains root privileges.
How SELinux Works:
1. Modes:
   • Enforcing: SELinux policies are enforced.
   • Permissive: SELinux logs policy violations but doesn't enforce them.
   • Disabled: SELinux is turned off.
2. Contexts: Every file, process, and resource has an SELinux context (user, role, type, and
level) that the policy uses to decide what access is allowed.
Example Commands:

1. Check SELinux Status:


a. Installing

b. Check status

c. Activate or enable SELinux, then reboot the machine

d. Verify Status
2. List SELinux Contexts

To see the SELinux context associated with a file or directory, use the ll -Z command:

Explanation:
• User: unconfined_u — The user is unconfined (not restricted by SELinux).
• Role: object_r — The object role is used to label files.
• Type: xdg_documents_t — The file has the type xdg_documents_t, which is typically
assigned to user document files.
• Level: s0 — This is the security level, which in this case is s0 (the default level).

3. Change the SELinux Context of the File:


Let’s change the SELinux context of file.txt to a new type using the chcon command. For
example, we'll change it to httpd_sys_content_t (a type commonly used for web content):

Now the file has the context httpd_sys_content_t, indicating it is treated as web server content.

4. Restore the Default SELinux Context:


If we want to restore the default context for file.txt, we use the restorecon command:

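The file has now returned to its original SELinux context, xdg_documents_t. This works because
chcon only changes the label stored on the file; it does not change the file-context rules that
restorecon applies.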
5. View SELinux File Contexts on the System:
To list the SELinux file-context rules defined on your system (the mapping from path patterns
to contexts), you can use the semanage command:

This will display the file contexts assigned to various system directories and files. For
example:

6. Add a New SELinux Policy for a Directory:


If you want to add a new SELinux policy for a specific directory (a persistent file-context
rule), you can use semanage. For example, let’s add a policy for a new directory /newpath and
assign it the type httpd_sys_content_t:

Apply the new context using restorecon:

sudo restorecon -R -v /newpath
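
A check built on the user:role:type:level context format explained above, as an added example that is not part of the original report: it reads `ls -Z` lines and reports entries under /newpath whose type is not httpd_sys_content_t. The listing is constructed, and the "<context> <path>" layout of plain `ls -Z` output is an assumption.

```shell
#!/bin/sh
# Added example: report entries whose SELinux type differs from the expected
# one. Input on stdin is `ls -Z` output, assumed to be "<context> <path>".
find_mislabeled() {
    expected=$1
    while read -r ctx path; do
        [ -n "$path" ] || continue
        case $ctx in
            *:*:*:*) ;;   # user:role:type:level
            *) echo "no usable context: $path ($ctx)" >&2; continue ;;
        esac
        rest=${ctx#*:}      # drop the user field
        rest=${rest#*:}     # drop the role field
        setype=${rest%%:*}  # type; the level after it may contain ':' itself
        [ "$setype" = "$expected" ] || printf '%s %s\n' "$path" "$setype"
    done
}

# Constructed listing for the /newpath directory used in step 6.
sample_listing() {
    cat <<'EOF'
unconfined_u:object_r:httpd_sys_content_t:s0 /newpath/index.html
unconfined_u:object_r:xdg_documents_t:s0 /newpath/file.txt
system_u:object_r:httpd_sys_content_t:s0:c0.c1023 /newpath/logo.png
? /newpath/unlabeled.tmp
EOF
}

sample_listing | find_mislabeled httpd_sys_content_t
```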

Summary:
• Checking Context: ll -Z file.txt shows the SELinux context.
• Changing Context: chcon -t <new_type> file.txt changes the file's context.
• Restoring Default Context: restorecon -v file.txt restores the file's default context.
• Viewing File Contexts: semanage fcontext -l lists the contexts for system files.
• Adding New Policies: semanage fcontext -a adds a new policy for a directory.
These practical examples show how to interact with SELinux and manage file contexts.
