Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Want to know how to make Linux really secure? Security Enhanced Linux (SE Linux), a system of security policies developed by the NSA, let you secure Linux at every level from the kernel up. Find out how EnGarde Secure Linux and others build and maintain a truly secure server environment.

Is SELinux Really too Complex?  28 September 2007 
Source: EnterpriseLinuxLog - Posted by Bill Keys   
What I discovered is that part of SELinux’s current dilemma is more easily fixable than the other, because it has nothing to do with technological chops and everything to do with public perception. Jim Klein, the director of information services and technology at the California-based Saugus Union School District, put it best: “The biggest problem for SELinux is mindshare,” Klein told me. Why do users think that SELinux is too hard to use? One reason, could be that it can prevents some of our favorite Linux programs from running, if we don't make changes to the default SELinux policy. I find the standard set of SELinux tools to be a great aid in getting SELinux working on in any Linux enviroment.

Core SELinux Version R070925 Released  26 September 2007 
Source: SELinuxNews - Posted by Bill Keys   
Stephen Smalley has announced the latest release of core SELinux userland code, with highlights including dynamic object class and permission discovery, per-command PAM configuration for the newrole utility, and several general updates and improvements. This release update some of the SELinux core userspace programs. One interesting change is per-command PAM configuration for the userland command newrole. I am glad to see updates to the userspace utilizes being release on a regular bases. Do you think that the NSA is pushing SELinux in the right direction?
Introduction to SELinux  26 September 2007 
Source: Linux MaxBlog - Posted by Ryan Berens   
As SELinux continues to gain in popularity, more and more sites will take it upon themselves to give it another go around. Here is a great, quick intro from another standpoint, into SELinux and setting up the system.

Also nice, is the explanation of DAC versus MAC, and how they inter-relate. If you haven't learned much about SELinux, here's a nice way to start.
SELinux Policy Development - A Nice Overview  20 September 2007 
Source: bemaddening43 blog - Posted by Bill Keys   
Customizing your systems SELinux policy can be necessary when running an application your policy is unaware of. Particularly, web based applications might need customization of Apache policy in order to run properly. SELinux development is a very useful skill to have. With this skill the next time you are thinking about disabling SELinux you will know what changes are needed to the policy to get any program working with SELinux. How many of use end up disabling SELinux because it's preventing our favorite program from running?

First Release of SE-PostgreSQL  10 September 2007 
Source: selinuxnews - Posted by Bill Keys   
KaiGai Koehi has announced the first release of SE-PostgreSQL, with RPMS available for Fedora 7, and documentation in Japanese and English. Security-Enhanced PostgreSQL (SE-PostgreSQL) is a security extension built into PostgreSQL. I am happy to see projects like this one. I wonder if other projects are going to pop up similar to this one?

Explore the Updated SLIDE and SETools  07 September 2007 
Source: selinuxnews - Posted by Bill Keys   
Tresys have released new versions of SLIDE (announcement) and SETools (announcement). The new SLIDE release (v1.2) includes a network configuration GUI, usability improvements and bugfixes, while the new version of SETools (v3.3.1) is a minor bugfix release. I have recently tested out SLIDE a SELinux development plug-in for Eclipse. I found that the plug-in gives the user at lot of information about the policy which is being developed on. After using it I have been thinking about doing all myy SELinux development on SLIDE instead of vi. What tools do you use for your policy hacking?

Is SE Linux only for Linux?  06 September 2007 
Source: etbe - Posted by Bill Keys   
Another example of SE Linux access controls on a non-Linux platform is the MAC framework in the TrustedBSD project. This implements SE Linux access controls on top of FreeBSD. From reading the documentation it seems that the amount of changes required to the SE Linux code base for implementation on TrustedBSD was significantly smaller than the changes required for Darwin. I was surprised to see that other Unix based operating systems are porting SELinux for example, the OpenBSD project. Since SELinux is implementing in both kernel space and user space I would think there would be a lot of core changes to SELinux to make it work on other operating systems.

New Versions of SLIDE and SETools  27 August 2007 
Source: selinuxnews - Posted by Bill Keys   
Tresys have released new versions of SLIDE (announcement) and SETools (announcement). The new SLIDE release (v1.2) includes a network configuration GUI, usability improvements and bugfixes, while the new version of SETools (v3.3.1) is a minor bugfix release. SLIDE is a Eclipse plug-in for SELinux development. When I do my policy development I stick with my good old vi editor. Personal I find using a IDE for writing policy makes it go slower. Do you find the SLIDE plug-in better then using a terminal editor?

A Step-by-Step Guide to Building a New SELinux Policy Module  23 August 2007 
Source: Red Hat Magazine - Posted by Eckie Silapaswang   
I know in the past few weeks I've been very "offense-oriented" - lots of discussions on the latest cracks, DefCon post-analysis, etc. Let's switch back to a good defense scheme with a great starter article on building SELinux policies. Be sure to read the comments at the end warning users on placing too much trust in audit2allow output - this is something many first timers take for granted that could lead to holes in your security layers. In this article's case, the best defense is...well, a great defense!

Don’t Disable SELinux!  25 June 2007 
Source: Security Blog Brindle - Posted by Bill Keys   
We all know that we should not turn off SELinux but how many of us really do keep it on? As I see SELinux grow, so too the number of people keeping their SELinux implementation in enforcing mode. This article states that many companies are developing new software to make using SELinux easier. How would these tools affect the SELinux policy security?

<< Start < Prev 4 5 6 Next > End >>

Results 51 - 60 of 88


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.