|
Want to know how to make Linux really secure? Security Enhanced Linux (SE Linux), a system of security policies developed by the NSA, let you secure Linux at every level from the kernel up. Find out how EnGarde Secure Linux and others build and maintain a truly secure server environment.
|
|
|
Source: etbe.coker - Posted by Bill Keys
|
|
There is currently a discussion on the Debian-security mailing list about how to protect data which came from an encrypted file. I was going to skip that one until someone summoned me by mentioning SE Linux.
The issue which was raised is that data from an encrypted file can be read from /dev/mem (for all memory of the machine) or /proc//mem (for the memory of the process). It was suggested that SE Linux can prevent such attacks, however it’s not that simple.
How do you secure data that came from an encrypted file? This article takes the position that SELinux is the answer. Do you agree after reading it?
|
|
|
Source: James-Morris.Livejournal.com - Posted by Burhan Syed
|
|
Recently, I've been busy getting the initial cut of sVirt out, and am currently processing community feedback before issuing an update. The basic idea behind sVirt is to apply MAC label security (SELinux, Smack etc.) to Linux-based virtualization schemes such as KVM, allowing the existing OS-level security mechanisms to be re-used for process-based VMs. This is an application one of the core advantages of Linux-based virtualization, where generally, all of the Linux process management infrastructure within the kernel and wider OS may be applied to domains which run inside Linux processes.
Would you agree that we don't need to modify the kernel security mechanism for MAC label security? Read on for more information. |
|
|
Source: james-morris - Posted by Bill Keys
|
|
Recently, I've been busy getting the initial cut of sVirt out, and am currently processing community feedback before issuing an update. The basic idea behind sVirt is to apply MAC label security (SELinux, Smack etc.) to Linux-based virtualization schemes such as KVM, allowing the existing OS-level security mechanisms to be re-used for process-based VMs. This is an application one of the core advantages of Linux-based virtualization, where generally, all of the Linux process management infrastructure within the kernel and wider OS may be applied to domains which run inside Linux processes.
This article looks at some interesting development in the SELinux project. What would you like to see in SELinux? |
|
|
Source: ZDNet - Posted by Bill Keys
|
|
Deep inside a nameless government department — you will probably guess its identity, but nobody can say it officially — a Linux desktop revolution has taken hold. For this particular organization, however, the big deal is not the fact that Linux is involved, but the way in which it is being used.
What do you think? Will virtualizing the desktop make it more secure? This article looks at how virtualization and SELinux can help make an organization's desktops more secure. |
|
|
Source: james-morris - Posted by Bill Keys
|
|
This patch by Stephen Smalley addresses the case where "alien" SELinux security labels need to be written to the local filesystem, for example, in the case of building RPMs where the local policy is different to the policy on the system where the RPM is to be installed. This will help with enabling SELinux on build systems (e.g. in the Fedora infrastructure) and more generally with packagers and ISVs shipping third party policy with RPMS.
In the recently released 2.6.27 kernel there are some functional changes in security particularly in SELinux. This article looks at those changes. |
|
|
Source: james-morris - Posted by Bill Keys
|
|
I don't know what a Zend Optimizer is, but it apparently does not play well with SELinux. I've encountered a blog entry by someone who has tried to do the right thing and keep SELinux enabled, after finding the code for a policy module which makes this stuff work.
When loaded, this will enable the web server to execute memory on its heap, stack or certain types of executable memory allocated via mmap(2). These are well-known attack vectors and disable some very important memory protection mechanisms. See Ulrich Drepper's SELinux Memory Protection Tests for details.
What to do when SELinux does not work with a software that you want to run? This article looks into how memory protection in SELinux maybe the cause of the problem. |
|
|
Source: lwn.net - Posted by Bill Keys
|
|
Beginning with openSUSE 11.1, SUSE users will have an additional option
regarding security frameworks. In addition to AppArmor, we will be
adding SELinux capabilities in openSUSE 11.1, which will allow users to
enable SELinux in openSUSE if they wish.
Have you hear that openSUSE 11.1 will have the options to enable SELinux? My question is how useful will enabling SElinux on SUSE will be without a useful security policy? I guess we will have to wait and see if this move will help the distributions security. |
|
|
Source: SELinuxNews - Posted by John P. Forman
|
|
Tresys have announced the launch of a new source repository, bugtracker and wiki for the SELinux userland code, which may be found here. The site utilizes trac for project management and git as the source code management system. Developers should use this new repository instead of the old sourceforge site.
Have you heard that Tresys has created a page for SELinux userland projects? There is some great information on it if you are interested in SELinux. |
|
|
Source: searchenterpriselinux - Posted by Bill Keys
|
|
SELinux has achieved its goal of protecting Linux systems from intrusion by unauthorized access. But the effort remains in the early adopter stage, and its supporters need to work on broader implementation and greater ease of use, according to Doc Shankar, an IBM Corp. distinguished engineer.
In a preview of his LinuxWorld Conference & Expo workshop, Shankar said that the biggest benefit of SELinux is that systemwide policies automatically and absolutely enforce access controls. No one gets the unrestricted access of a "root" superuser; instead, each user is confined to what he needs to know, he said. In the case of a breech, an intruder is boxed in and can destroy only a portion of the system, he said.
This article is an interesting look at one IBM Engineer's opinion about SELinux. Do you agree with what he says? |
|
|
Source: SELinux News - Posted by Bill Keys
|
|
Tresys have announced the release of version 3.0 of their CDS (Cross Domain Solutions) Toolkit, an Eclipse-based IDE for developing CDSs with SELinux. Notable features introduced in this release include support for MLS and labeled networking, with enhancements to end user customization of generated policy and to the general development environment.
Do you use any IDE programs to write and develop your SELinux policy or do you use a basic editor like vi? Which is better or more productive?
|
|
|
<< Start < Prev 1 2 3 Next > End >>
|
| Results 11 - 20 of 88 |
