Mandatory Access Control (MAC) with SELinux

Conclusions

SELinux is a vey useful security extension. Once it is activated, SELinux runs more or less transparently in the background, monitoring the running system – as long as the distributor has paved the way by providing a policy worthy of that title. As of this writing, Fedora is the leading distribution in this respect.

Recent releases have improved the usability of SELinux; for example, the SELinux logs are easier to read than before with the setroubleshootd tool. Even inexperienced users can develop their own policy modules to place new programs under the protective shield of SELinux, with a little help from the graphical front end, system-config-selinux.

Infos

  1. NSA SELinux website: http://www.nsa.gov/selinux
  2. Reussell Coker's SELinux Debian play machines: http://www.coker.com.au/selinux/play.html
  3. Dan Walsh, Creating a Kiosk Account: http://danwalsh.livejournal.com/13376
  4. "A Step-By-Step Guide to Building a New Policy Module", by Dan Walsh, Red Hat Magazine, August 2007: http://redhatmagazine.com/2007/08/21/a-step-by-step-guide-to-building-a-new-selinux-policy-module.html

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • SELinux

    SELinux provides a comprehensive Mandatory Access Control system for Linux, if you are ready for all the details.

  • AppArmor vs. SELinux

    Security Enhanced Linux or App Armor? Linux Magazine invited two well-known personalities from Red Hat and Novell to debate the merits of their security systems.

  • SELinux Sandbox for Untrusted Programs

    The security framework SELinux is set to offer a Sandbox in which applications deemed insecure can be partitioned off from other system areas.

  • AppArmor

    When an attacker succeeds in infecting a victim’s system, the attacker inherits the victim’s privileges. App Armor beats the attack by reducing the potential victim’s privileges to a minimum.

  • Linux Intrusion Detection System

    If you're ready for mandatory access control and you're looking for an alternative to SELinux and AppArmor, try locking down your system with Linux Intrusion Detection System.

comments powered by Disqus

Direct Download

Read full article as PDF:

036-043_selinux.pdf (1.77 MB)

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia