|
Want to know how to make Linux really secure? Security Enhanced Linux (SE Linux), a system of security policies developed by the NSA, let you secure Linux at every level from the kernel up. Find out how EnGarde Secure Linux and others build and maintain a truly secure server environment.
|
|
|
Source: EnterpriseLinuxLog - Posted by Bill Keys
|
|
What I discovered is that part of SELinux’s current dilemma is more easily fixable than the other, because it has nothing to do with technological chops and everything to do with public perception. Jim Klein, the director of information services and technology at the California-based Saugus Union School District, put it best: “The biggest problem for SELinux is mindshare,” Klein told me.
Why do users think that SELinux is too hard to use? One reason, could be that it can prevents some of our favorite Linux programs from running, if we don't make changes to the default SELinux policy. I find the standard set of SELinux tools to be a great aid in getting SELinux working on in any Linux enviroment.
|
|
|
Source: SELinuxNews - Posted by Bill Keys
|
|
Stephen Smalley has announced the latest release of core SELinux userland code, with highlights including dynamic object class and permission discovery, per-command PAM configuration for the newrole utility, and several general updates and improvements.
This release update some of the SELinux core userspace programs. One interesting change is per-command PAM configuration for the userland command newrole. I am glad to see updates to the userspace utilizes being release on a regular bases. Do you think that the NSA is pushing SELinux in the right direction? |
|
|
Source: Linux MaxBlog - Posted by Ryan Berens
|
As SELinux continues to gain in popularity, more and more sites will take it upon themselves to give it another go around. Here is a great, quick intro from another standpoint, into SELinux and setting up the system.
Also nice, is the explanation of DAC versus MAC, and how they inter-relate.
If you haven't learned much about SELinux, here's a nice way to start.
|
|
|
Source: bemaddening43 blog - Posted by Bill Keys
|
|
Customizing your systems SELinux policy can be necessary when running an application your policy is unaware of. Particularly, web based applications might need customization of Apache policy in order to run properly.
SELinux development is a very useful skill to have. With this skill the next time you are thinking about disabling SELinux you will know what changes are needed to the policy to get any program working with SELinux. How many of use end up disabling SELinux because it's preventing our favorite program from running?
|
|
|
Source: selinuxnews - Posted by Bill Keys
|
|
KaiGai Koehi has announced the first release of SE-PostgreSQL, with RPMS available for Fedora 7, and documentation in Japanese and English.
Security-Enhanced PostgreSQL (SE-PostgreSQL) is a security extension built into PostgreSQL. I am happy to see projects like this one. I wonder if other projects are going to pop up similar to this one?
|
|
|
Source: selinuxnews - Posted by Bill Keys
|
|
Tresys have released new versions of SLIDE (announcement) and SETools (announcement). The new SLIDE release (v1.2) includes a network configuration GUI, usability improvements and bugfixes, while the new version of SETools (v3.3.1) is a minor bugfix release.
I have recently tested out SLIDE a SELinux development plug-in for Eclipse. I found that the plug-in gives the user at lot of information about the policy which is being developed on. After using it I have been thinking about doing all myy SELinux development on SLIDE instead of vi. What tools do you use for your policy hacking?
|
|
|
Source: etbe - Posted by Bill Keys
|
|
Another example of SE Linux access controls on a non-Linux platform is the MAC framework in the TrustedBSD project. This implements SE Linux access controls on top of FreeBSD. From reading the documentation it seems that the amount of changes required to the SE Linux code base for implementation on TrustedBSD was significantly smaller than the changes required for Darwin.
I was surprised to see that other Unix based operating systems are porting SELinux for example, the OpenBSD project. Since SELinux is implementing in both kernel space and user space I would think there would be a lot of core changes to SELinux to make it work on other operating systems.
|
|
|
Source: selinuxnews - Posted by Bill Keys
|
|
Tresys have released new versions of SLIDE (announcement) and SETools (announcement). The new SLIDE release (v1.2) includes a network configuration GUI, usability improvements and bugfixes, while the new version of SETools (v3.3.1) is a minor bugfix release.
SLIDE is a Eclipse plug-in for SELinux development. When I do my policy development I stick with my good old vi editor. Personal I find using a IDE for writing policy makes it go slower. Do you find the SLIDE plug-in better then using a terminal editor?
|
|
|
Source: Red Hat Magazine - Posted by Eckie Silapaswang
|
|
I know in the past few weeks I've been very "offense-oriented" - lots of discussions on the latest cracks, DefCon post-analysis, etc. Let's switch back to a good defense scheme with a great starter article on building SELinux policies. Be sure to read the comments at the end warning users on placing too much trust in audit2allow output - this is something many first timers take for granted that could lead to holes in your security layers. In this article's case, the best defense is...well, a great defense! |
|
|
Source: Security Blog Brindle - Posted by Bill Keys
|
|
We all know that we should not turn off SELinux but how many of us really do keep it on? As I see SELinux grow, so too the number of people keeping their SELinux implementation in enforcing mode. This article states that many companies are developing new software to make using SELinux easier. How would these tools affect the SELinux policy security?
|
|
|
<< Start < Prev 4 5 6 Next > End >>
|
| Results 51 - 60 of 88 |
