LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 19th, 2014
Linux Security Week: September 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
SELinux
Want to know how to make Linux really secure? Security Enhanced Linux (SE Linux), a system of security policies developed by the NSA, let you secure Linux at every level from the kernel up. Find out how EnGarde Secure Linux and others build and maintain a truly secure server environment.


SE Linux and Decrypted Data  26 November 2008 
Source: etbe.coker - Posted by Bill Keys   
There is currently a discussion on the Debian-security mailing list about how to protect data which came from an encrypted file. I was going to skip that one until someone summoned me by mentioning SE Linux.

The issue which was raised is that data from an encrypted file can be read from /dev/mem (for all memory of the machine) or /proc//mem (for the memory of the process). It was suggested that SE Linux can prevent such attacks, however itís not that simple. How do you secure data that came from an encrypted file? This article takes the position that SELinux is the answer. Do you agree after reading it?

 
Upcoming Conference Talks on SELinux Applications: sVirt and Kiosk Mode  20 November 2008 
Source: James-Morris.Livejournal.com - Posted by Burhan Syed   
Recently, I've been busy getting the initial cut of sVirt out, and am currently processing community feedback before issuing an update. The basic idea behind sVirt is to apply MAC label security (SELinux, Smack etc.) to Linux-based virtualization schemes such as KVM, allowing the existing OS-level security mechanisms to be re-used for process-based VMs. This is an application one of the core advantages of Linux-based virtualization, where generally, all of the Linux process management infrastructure within the kernel and wider OS may be applied to domains which run inside Linux processes. Would you agree that we don't need to modify the kernel security mechanism for MAC label security? Read on for more information.
 
Upcoming Conference Talks on SELinux: sVirt and Kiosk Mode  30 October 2008 
Source: james-morris - Posted by Bill Keys   
Recently, I've been busy getting the initial cut of sVirt out, and am currently processing community feedback before issuing an update. The basic idea behind sVirt is to apply MAC label security (SELinux, Smack etc.) to Linux-based virtualization schemes such as KVM, allowing the existing OS-level security mechanisms to be re-used for process-based VMs. This is an application one of the core advantages of Linux-based virtualization, where generally, all of the Linux process management infrastructure within the kernel and wider OS may be applied to domains which run inside Linux processes. This article looks at some interesting development in the SELinux project. What would you like to see in SELinux?
 
Virtual Desktops, Real Security  28 October 2008 
Source: ZDNet - Posted by Bill Keys   
Deep inside a nameless government department ó you will probably guess its identity, but nobody can say it officially ó a Linux desktop revolution has taken hold. For this particular organization, however, the big deal is not the fact that Linux is involved, but the way in which it is being used. What do you think? Will virtualizing the desktop make it more secure? This article looks at how virtualization and SELinux can help make an organization's desktops more secure.
 
SELinux and Security Changes in the 2.6.27 Kernel  15 October 2008 
Source: james-morris - Posted by Bill Keys   
This patch by Stephen Smalley addresses the case where "alien" SELinux security labels need to be written to the local filesystem, for example, in the case of building RPMs where the local policy is different to the policy on the system where the RPM is to be installed. This will help with enabling SELinux on build systems (e.g. in the Fedora infrastructure) and more generally with packagers and ISVs shipping third party policy with RPMS. In the recently released 2.6.27 kernel there are some functional changes in security particularly in SELinux. This article looks at those changes.
 
SELinux Memory Protections are Your Friend  05 September 2008 
Source: james-morris - Posted by Bill Keys   
I don't know what a Zend Optimizer is, but it apparently does not play well with SELinux. I've encountered a blog entry by someone who has tried to do the right thing and keep SELinux enabled, after finding the code for a policy module which makes this stuff work. When loaded, this will enable the web server to execute memory on its heap, stack or certain types of executable memory allocated via mmap(2). These are well-known attack vectors and disable some very important memory protection mechanisms. See Ulrich Drepper's SELinux Memory Protection Tests for details. What to do when SELinux does not work with a software that you want to run? This article looks into how memory protection in SELinux maybe the cause of the problem.
 
OpenSUSE Adds SELinux  21 August 2008 
Source: lwn.net - Posted by Bill Keys   
Beginning with openSUSE 11.1, SUSE users will have an additional option regarding security frameworks. In addition to AppArmor, we will be adding SELinux capabilities in openSUSE 11.1, which will allow users to enable SELinux in openSUSE if they wish. Have you hear that openSUSE 11.1 will have the options to enable SELinux? My question is how useful will enabling SElinux on SUSE will be without a useful security policy? I guess we will have to wait and see if this move will help the distributions security.
 
New SELinux Userland Project Site  18 August 2008 
Source: SELinuxNews - Posted by John P. Forman   
Tresys have announced the launch of a new source repository, bugtracker and wiki for the SELinux userland code, which may be found here. The site utilizes trac for project management and git as the source code management system. Developers should use this new repository instead of the old sourceforge site. Have you heard that Tresys has created a page for SELinux userland projects? There is some great information on it if you are interested in SELinux.
 
LinuxWorld Preview: IBM Engineer Touts SELinux  04 August 2008 
Source: searchenterpriselinux - Posted by Bill Keys   
SELinux has achieved its goal of protecting Linux systems from intrusion by unauthorized access. But the effort remains in the early adopter stage, and its supporters need to work on broader implementation and greater ease of use, according to Doc Shankar, an IBM Corp. distinguished engineer. In a preview of his LinuxWorld Conference & Expo workshop, Shankar said that the biggest benefit of SELinux is that systemwide policies automatically and absolutely enforce access controls. No one gets the unrestricted access of a "root" superuser; instead, each user is confined to what he needs to know, he said. In the case of a breech, an intruder is boxed in and can destroy only a portion of the system, he said. This article is an interesting look at one IBM Engineer's opinion about SELinux. Do you agree with what he says?
 
CDS Framework Toolkit 3.0 Released  31 July 2008 
Source: SELinux News - Posted by Bill Keys   
Tresys have announced the release of version 3.0 of their CDS (Cross Domain Solutions) Toolkit, an Eclipse-based IDE for developing CDSs with SELinux. Notable features introduced in this release include support for MLS and labeled networking, with enhancements to end user customization of generated policy and to the general development environment. Do you use any IDE programs to write and develop your SELinux policy or do you use a basic editor like vi? Which is better or more productive?
 
<< Start < Prev 1 2 3 Next > End >>

Results 11 - 20 of 88
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.