LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 31st, 2014
Linux Security Week: October 27th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
SELinux
Want to know how to make Linux really secure? Security Enhanced Linux (SE Linux), a system of security policies developed by the NSA, let you secure Linux at every level from the kernel up. Find out how EnGarde Secure Linux and others build and maintain a truly secure server environment.


SELinux Labeling of Xen Images Labeling of Xen Images  19 March 2008 
Source: danwalsh's Journal - Posted by Bill Keys   
A place people sometimes trip with SELinux is the labeling of files. SELinux requires files to be labeled correctly in order to function. Discretionary Access Control has the same requirement in that file must have the correct permissions and ownership. If a file does not have the correct permissions it can not be read, written or executed. Similarly if a file is not labeled correctly SELinux will prevent read/write/execute as well as many other permissions and transitions. Are you a Xen user? If so this article will show you steps to increase your images security by using SELinux.
 
What is SE-PostgreSQL?  12 March 2008 
Posted by Ryan Berens   
If you're curious about how SELinux work with a database, and want to take your understanding to the next level, this is a great way to get started: Security-Enhanced PostgreSQL (SE-PostgreSQL) is a security extension built in PostgreSQL. It works as a reference monitor within relational database management system, and provides fine-grained mandatory access control features collaborating with SELinux and its security policy.

These features enable to deploy a database management system into data flow control scheme, integrated with operating system. We call the most characteristic feature of SE-PostgreSQL as ''system-wide consistency in access controls''. Any other RDBMS cannot provide this feature in current.
 
Core SELinux Version Released  07 March 2008 
Source: SELinux News - Posted by Bill Keys   
The NSA have announced the latest release of the core userland SELinux code. According to the changelog, changes in this release include support for policy capabilities (i.e. allowing features to be selectively implemented in policy), several enhancements to libselinux, optimized matchpathcon, improved error handling and various bugfixes. The release may be downloaded here. Also noted in the release is a new page on the NSA site: Related Work, providing links to information on the underlying architecture and non-Linux implementations.
 
So, would you call it SESolaris? SEOpenSolaris?  06 March 2008 
Source: http://www.ratliff.net/blog - Posted by Ryan Berens   
We had mentioned last week that Solaris has introduced the FLASK security framework (part of the heart of SELinux) into its system. This week, a number of sites are chiming in, and this blogger has a couple of great links as well... In a major validation of the FLASK architecture, the OpenSolaris community has created a new project called Flexible Mandatory Access Control (fmac) to adapt the FLASK architecture to OpenSolaris. (The FLASK architecture that is the basis for SELinux.) Stephen Smalley will be one of the community leads. OSNews picked up the email thread today with some interesting comments.
 
SELinux Blocks Real-World Exploits  25 February 2008 
Source: www.linuxworld.com - Posted by Ryan Berens   
SELinux still has a ways to go before it becomes the standard for secure servers. But as time passes, more and more administrators are realizing that this isn't some addition that needs to be switched off - it's an incredibly effective tool that when used correctly, can stop real-world exploits from causing real-world problems. In this article, Network World gives a soup-to-nuts overview on the current state of SELinux and how it is one of the most capable ways administrators can lock-down their system.

Linux security experts are reporting a growing list of real-world security situations in which the US National Security Agency's SELinux security framework contains the damage resulting from a flaw in other software. These so-called "mitigations" are showing that a Linux feature that began as an esoteric security measure is starting to prove its worth.
What are your thoughts?
 
Role-based access control in SELinux  15 February 2008 
Source: IBM Developer Works - Posted by Ryan Berens   
Serge E. Hallyn, in his follow up to SELinux from Scratch goes into more detail on how best to utilize SELinux to its fullest potential. In this particular example, he uses the metaphor of writing a policy over a cash-register system... Very useful overview indeed.

The security policy implemented in Security-Enhanced Linux (SELinux) is type enforcement (TE) under a layer of role-based access control (RBAC). (SELinux also orthogonally implements multi-level security (MLS), which is outside the scope of this article.) TE is the most visible, and therefore the most well known, server because it enforces fine-grained permissions: when something breaks because of unexpected access denials, TE is most likely responsible. In TE, a process's security domain (its domain of influence over the system) is determined by the task's history and the currently executing program.
 
Uncovering the secrets of SE Linux: Part 1  08 February 2008 
Source: IBM Developer Works - Posted by Ryan Berens   
It's always good to take a look back right? Here we have one of the very first overviews after the introduction of SELinux into the community. And most of all, its really interesting to see how far SELinux has come. From "don't expect it to be ready for prime time" to its inclusion by default in Fedora Core, EnGarde Secure Linux and even Ubuntu Hardy, SELinux has really come a long way. Sure, its home is really to be found on the server (not the desktop), but this is one way of looking back.

And for those who still don't know too much about SELinux, you won't find many better (if thorough) overviews. Good stuff...
 
Top 10 SELinux Stories of 2007  14 January 2008 
Source: www.Linuxsecurity.com - Posted by Ryan Berens   
2007 was an interesting year for SELinux. Many issues were important and gained exposure, but what did you, the reader have to say about the most important articles in SELinux? There are many ways to judge this and one of them is by listing the most popular articles as chosen by our readers over the course of the year, based on hits. It isn't the only answer, but certainly an interesting one.

Click through to see the list of the Top SELinux stories on Linuxsecurity.com for 2007. Also: For a COMPLETE list of all the SELinux articles that have ever appeared on LinuxSecurity.com, go here Easy to follow and organized by year, it's one of many, many resources avaialable at EnGardelinux.org with regards to SELinux.

 
5 Ways SELinux may surprise you...  21 December 2007 
Source: SearchEnterpriseLinux.com - Posted by Ryan Berens   
This is one of the best overviews on some misconceptions and trends regarding SELinux that we've seen in awhile. If you are just beginning to get a feel for SELInux, or still aren't sure what it is, read this article.

In the column that follows, author and SELinux expert Frank Mayer will walk you through five of the ways that this venerable Linux security technology may surprise you.

By now, most people in the Linux world have heard of Security Enhanced Linux (SELinux). Since its initial release by the National Security Agency in 1999, SELinux has become a standard part of the Linux kernel and a supported capability in many Linux distributions including Red Hat Enterprise Linux 4 and 5.
 
Tips for Taming SE Linux, Part Two  05 December 2007 
Source: EnterpriseNetworkingPlanet - Posted by Bill Keys   
Last week we took the eagle's eye view of the principles behind SELinux. Today we'll dig a bit more deeply into SELinux policies, and then fire up Fedora 8 and see what SELinux looks like in practice. I recommend using the latest Fedora version as a SELinux training tool, because Fedora has the most mature implementation and userspace tools. Red Hat Enterprise Linux and CentOS, the leading Red Hat clone, have similar SELinux setups to Fedora. Gentoo also has a nice SELinux implementation. I don't recommend starting from scratch. Start with a working setup, and then plan to spend considerable time learning your way around it, because it is a big complex beast. SELinux is a huge security framework but this articles does a good job at taking a look at one part at a time. The next time a program is not working correctly with SELinux turned on, try to debugging the problem and add some SELinux policy.
 
<< Start < Prev 4 5 6 Next > End >>

Results 31 - 40 of 88
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pirate Bay founder guilty in historic hacker case
Parallels CTO: Linux container security is not the problem
Advisory says to assume all Drupal 7 websites are compromised
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.