Get the LinuxSecurity news you want faster with RSS
Powered By
SELinux
Want to know how to make Linux really secure? Security Enhanced Linux (SE Linux), a system of security policies developed by the NSA, let you secure Linux at every level from the kernel up. Find out how EnGarde Secure Linux and others build and maintain a truly secure server environment.
Source: IBM Developer Works - Posted by Ryan Berens
Serge E. Hallyn, in his follow up to
SELinux from Scratch goes into more detail on how best to utilize SELinux to its fullest potential. In this particular example, he uses the metaphor of writing a policy over a cash-register system... Very useful overview indeed.
The security policy implemented in Security-Enhanced Linux (SELinux) is type enforcement (TE) under a layer of role-based access control (RBAC). (SELinux also orthogonally implements multi-level security (MLS), which is outside the scope of this article.) TE is the most visible, and therefore the most well known, server because it enforces fine-grained permissions: when something breaks because of unexpected access denials, TE is most likely responsible. In TE, a process's security domain (its domain of influence over the system) is determined by the task's history and the currently executing program.
Source: IBM Developer Works - Posted by Ryan Berens
It's always good to take a look back right? Here we have one of the very first overviews after the introduction of SELinux into the community. And most of all, its really interesting to see how far SELinux has come. From "don't expect it to be ready for prime time" to its inclusion by default in Fedora Core, EnGarde Secure Linux and even Ubuntu Hardy, SELinux has really come a long way. Sure, its home is really to be found on the server (not the desktop), but this is one way of looking back.
And for those who still don't know too much about SELinux, you won't find many better (if thorough) overviews. Good stuff...
Source: www.Linuxsecurity.com - Posted by Ryan Berens
2007 was an interesting year for SELinux. Many issues were important and gained exposure, but what did you, the reader have to say about the most important articles in SELinux? There are many ways to judge this and one of them is by listing the most popular articles as chosen by our readers over the course of the year, based on hits. It isn't the only answer, but certainly an interesting one.
Click through to see the list of the Top SELinux stories on Linuxsecurity.com for 2007.
Also: For a COMPLETE list of all the SELinux articles that have ever appeared on LinuxSecurity.com, go here
Easy to follow and organized by year, it's one of many, many resources avaialable at EnGardelinux.org with regards to SELinux.
Source: SearchEnterpriseLinux.com - Posted by Ryan Berens
This is one of the best overviews on some misconceptions and trends regarding SELinux that we've seen in awhile. If you are just beginning to get a feel for SELInux, or still aren't sure what it is, read this article.
In the column that follows, author and SELinux expert Frank Mayer will walk you through five of the ways that this venerable Linux security technology may surprise you.
By now, most people in the Linux world have heard of Security Enhanced Linux (SELinux). Since its initial release by the National Security Agency in 1999, SELinux has become a standard part of the Linux kernel and a supported capability in many Linux distributions including Red Hat Enterprise Linux 4 and 5.
Source: EnterpriseNetworkingPlanet - Posted by Bill Keys
Last week we took the eagle's eye view of the principles behind SELinux. Today we'll dig a bit more deeply into SELinux policies, and then fire up Fedora 8 and see what SELinux looks like in practice. I recommend using the latest Fedora version as a SELinux training tool, because Fedora has the most mature implementation and userspace tools. Red Hat Enterprise Linux and CentOS, the leading Red Hat clone, have similar SELinux setups to Fedora. Gentoo also has a nice SELinux implementation. I don't recommend starting from scratch. Start with a working setup, and then plan to spend considerable time learning your way around it, because it is a big complex beast.
SELinux is a huge security framework but this articles does a good job at taking a look at one part at a time. The next time a program is not working correctly with SELinux turned on, try to debugging the problem and add some SELinux policy.
Source: Enterprisenetworkingplanet.com - Posted by Ryan Berens
Wanted to learn a few more tips on SELinux and get a feel for what it does? Carla Schroeder chimes in again regarding SELinux as a whole and its policies:
An SELinux policy has no concept of an all-powerful superuser, but only what is allowed and what is not allowed. It takes away the destructive potential of root. A successful intrusion will be confined to the process that it compromises, and will not be able to escalate beyond it. Sounds a bit like a chroot jail, doesn't it?
Fedora takes a some time and interviews Dan Walsh, one of the project leads on SELinux development. They ask him a couple questions about SELinux, open source and what he's been doing at Red Hat:
We all appreciate that when we turn on our Linux systems they're pretty secure. Thanks to continuing improvements to SELinux, it is increasingly easy for users to take advantage of this powerful security tool. Read on to find an interview with Daniel Walsh, the principal developer of SELinux in Fedora from Red Hat, where he tells us more about what SELinux does and how it's improved in Fedora 8. Also included are some screenshots which show-off the new policy creation GUI.
Yuichi Nakamura has announced the release of version 2.2.0 of SELinux Policy Editor (SEEdit). This release includes support for Fedora 8 and embedded systems. The performance of the simplified policy compiler has been improved, and it also now supports cross compilation of policy.
Do you like using these types of SELinux editing tools? The purpose of theses tools is to help make administrating a system with SELinux enabled easier. Do you feel they help?
One of our featured blogs, Dan Walsh provides a HOWTO on creating an SELinux policy.
In this blog I will actually walk through the Samba SELinux policy. As you know Policy is made up of three files, File Context (FC) Type Enforcement (TE) and an Interface file (IF)
This is an extremely thorough and detailed overview.
Just how much is security, especially in high-demand Government sectors, going to be driven and how is SELinux going to play a part?
This is a very interesting analysis on how SELinux has the opportunity to be so effective at locking down a system, it could devalue the current break up of security solutions.
Interest in multi-level security in the intelligence and Defense agencies seems to be high right now, because it would allow analysts to access networks of multiple security levels with one machine. Now (so we hear) analysts may have two or three PCs in their office, one for each security level.
The case he makes is that SELinux has the potential to negate these different levels and systems. Could SELinux have that kind of effect or are high-demand users still going to expect multiple systems?
