|
Want to know how to make Linux really secure? Security Enhanced Linux (SE Linux), a system of security policies developed by the NSA, let you secure Linux at every level from the kernel up. Find out how EnGarde Secure Linux and others build and maintain a truly secure server environment.
|
|
|
Source: bemaddening43 blog - Posted by Bill Keys
|
|
Customizing your systems SELinux policy can be necessary when running an application your policy is unaware of. Particularly, web based applications might need customization of Apache policy in order to run properly.
SELinux development is a very useful skill to have. With this skill the next time you are thinking about disabling SELinux you will know what changes are needed to the policy to get any program working with SELinux. How many of use end up disabling SELinux because it's preventing our favorite program from running?
Write Comment |
|
|
Source: selinuxnews - Posted by Bill Keys
|
|
KaiGai Koehi has announced the first release of SE-PostgreSQL, with RPMS available for Fedora 7, and documentation in Japanese and English.
Security-Enhanced PostgreSQL (SE-PostgreSQL) is a security extension built into PostgreSQL. I am happy to see projects like this one. I wonder if other projects are going to pop up similar to this one?
Write Comment |
|
|
Source: selinuxnews - Posted by Bill Keys
|
|
Tresys have released new versions of SLIDE (announcement) and SETools (announcement). The new SLIDE release (v1.2) includes a network configuration GUI, usability improvements and bugfixes, while the new version of SETools (v3.3.1) is a minor bugfix release.
I have recently tested out SLIDE a SELinux development plug-in for Eclipse. I found that the plug-in gives the user at lot of information about the policy which is being developed on. After using it I have been thinking about doing all myy SELinux development on SLIDE instead of vi. What tools do you use for your policy hacking?
Write Comment |
|
|
Source: etbe - Posted by Bill Keys
|
|
Another example of SE Linux access controls on a non-Linux platform is the MAC framework in the TrustedBSD project. This implements SE Linux access controls on top of FreeBSD. From reading the documentation it seems that the amount of changes required to the SE Linux code base for implementation on TrustedBSD was significantly smaller than the changes required for Darwin.
I was surprised to see that other Unix based operating systems are porting SELinux for example, the OpenBSD project. Since SELinux is implementing in both kernel space and user space I would think there would be a lot of core changes to SELinux to make it work on other operating systems.
Write Comment (3 Comments) |
|
|
Source: selinuxnews - Posted by Bill Keys
|
|
Tresys have released new versions of SLIDE (announcement) and SETools (announcement). The new SLIDE release (v1.2) includes a network configuration GUI, usability improvements and bugfixes, while the new version of SETools (v3.3.1) is a minor bugfix release.
SLIDE is a Eclipse plug-in for SELinux development. When I do my policy development I stick with my good old vi editor. Personal I find using a IDE for writing policy makes it go slower. Do you find the SLIDE plug-in better then using a terminal editor?
Write Comment |
|
|
Source: Red Hat Magazine - Posted by Eckie Silapaswang
|
|
I know in the past few weeks I've been very "offense-oriented" - lots of discussions on the latest cracks, DefCon post-analysis, etc. Let's switch back to a good defense scheme with a great starter article on building SELinux policies. Be sure to read the comments at the end warning users on placing too much trust in audit2allow output - this is something many first timers take for granted that could lead to holes in your security layers. In this article's case, the best defense is...well, a great defense! Write Comment |
|
|
Source: Security Blog Brindle - Posted by Bill Keys
|
|
We all know that we should not turn off SELinux but how many of us really do keep it on? As I see SELinux grow, so too the number of people keeping their SELinux implementation in enforcing mode. This article states that many companies are developing new software to make using SELinux easier. How would these tools affect the SELinux policy security?
Write Comment |
|
|
Source: livejournal.com - Posted by Bill Keys
|
|
One thing that I have been a little lax about reporting is when SELinux has mitigated a vulnerability. This past week, two Samba vulnerabilities were fixed in an Red Hat Network Update. These fixes were available at the same time as public disclosure of the issues, There are no currently known public exploits of Samba available. This errata fixed two bugzillas #239774 and #239429. I would like to point out that even with these vulnerabilities being able to leverage a heap overflow to run arbitrary code on a recent RHEL is hard.
Write Comment |
|
|
Source: SecurityBlog::Brindle - Posted by Bill Keys
|
|
During the last year quite a bit of effort has gone into improving SELinux’ networking support, thanks to the great SELinux community. While this support is still evolving it will be very beneficial for people to try it out and give feedback so the final result is useful to more users and meets the security needs of a wider audience. As the network support in SELinux continues to evolve (there are already other ideas being discussed for possible inclusion) I’ll try to keep this post updated so that people who find it will have the latest information available.
Write Comment |
|
|
Source: GCN - Posted by Bill Keys
|
|
The developers of one of the most secure operating systems available will use one of the most open collaboration platforms to continue work. The development community for SELinux will can start to use a newly created wiki site for collaboration and discussion, announced James Morris on the SELinux mailing list last week.
Write Comment |
|
|
<< Start < Prev 4 5 6 Next > End >>
|
| Results 31 - 40 of 65 |
