SELinux is an open source project sponsored by the National Security Agency, to help implement mandatory access control. It is a subsystem which provides a much more secure framework to Linux, then can be achieved from the operating systems level. It implements mandatory access controls that give you finer granularity in terms of security measures and is made up of both kernel and user-space components.

In SELinux, privileges are specified rather then relying on the typical Unix/Linux method of doing things, which is by user and group. This is done by using role based access controls. The two common roles are the user_r role and the system_r, for system administrators.

Be forewarned, if you are have servers (Web or DNS) that are exposed to the Internet, then one should look very strongly into how SELinux might help. If you are just running things like Oracle servers internally, with no external access, you may not want to go through the trouble, as there is a lot to learn and more to do. One might even need a special type security type administrator, as security will no longer just be the domain of the user that handles their files alone, it could be managed centrally by this administrator. If you use Linux as your firewall, think about putting it here as well. The key word here is think before you deploy.

Read this full article at SearchEnterpriseLinux

Write Comment
Please keep the topic of messages relevant to the subject of the article. Personal verbal attacks will be deleted. Please don't use comments to plug your web site.. Such material will be removed.
Name:
Title:
Comment:
Code:*

Powered by AkoComment!