SELinux is a set of kernel patches and utilities that boosts the security of the Linux system on which its enabled by providing for the enforcement of mandatory access control policies.
For example, we could configure a Web server to serve read-only pages, delegating the rights needed to generate or modify the pages to a separate role.
eWEEK Labs tested SELinux as it ships with Red Hat Inc.s Fedora Core 2, which sports the most complete SELinux implementation of any Linux distribution we know of. Also, the NSA uses the Fedora Core Linux distribution as its development platform. Click here to read Labs review of Fedora Core 2. The Fedora Project is fast-moving and community-supported, and it serves largely as a proving ground for technologies that Red Hat expects to bring to its Enterprise Linux product line. As a result, companies may want to wait for SELinux to make its way into a more stable Linux distribution before deployment in a production setting. Red Hat has announced plans to include SELinux in Version 4 of Red Hat Enterprise Linux, due early next year. Meanwhile, Fedoras implementation of SELinux provides administrators with an opportunity to learn about and test the security extensions. SELinux provides for mandatory access controls through a combination of roles and types that together determine which resources may be accessed and by whom. (When applied to processes, types are also known as domains.) Policies define the interaction between types and roles to determine a machines access controls. Fedora Core 2 ships with a set of policies that covers most of the applications included in that distribution. Administrators may edit these policies to better fit their needs or develop new policies for their applications. Writing SELinux policies is an involved business, and its possible to write conflicting policies. When SELinux begins shipping as part of supported enterprise Linux distributions, companies should be able to rely on their Linux vendors to sort out these issues. Until then, there are several SELinux resources available on the Web. SELinux can be run in enforcing or permissive mode, or it may be disabled completely. In enforcing mode, SELinux blocks activities not specifically allowed by policy. In permissive mode, SELinux doesnt block access but logs the activities that would be blocked if an application were run with SELinux in enforcing mode. Permissive mode works well for testing, but in fully tested, production environments, administrators can configure SELinux machines to run only in enforcing mode. The first step to creating a new policy is to run an application with SELinux set to permissive mode. An SELinux utility that ships with Fedora Core 2, called audit2allow, scans the auditing messages that an application triggers when run under SELinux in permissive mode and creates a policy that would enable the application to run properly with SELinux in enforcing mode. From here, an administrator can review and further tailor the policy. We were able to examine the active policies on our test SELinux machine using apol, a free graphical application from Tresys Technology LLC that ships with Fedora Core 2. We could edit our policies using SePCut, another application from Tresys thats included with Fedora Core 2. The last time we looked at SELinux, these tools werent available. We found that they made it much easier to work with SELinux policy files and to gain insight into the policies active on our test system. As SELinux continues to develop, we expect to see new tools of this sort that will make SELinux accessible to a wider range of users. Click here to read a review of Suns Trusted Solaris 8. Senior Analyst Jason Brooks can be reached at firstname.lastname@example.org. Check out eWEEK.coms Linux & Open Source Center at http://linux.eweek.com for the latest open-source news, reviews and analysis.
The set of Linux kernel patches and tools that make up SELinux may be used with a variety of Linux distributions and is available for free download at www. nsa.gov/selinux/code/download5.cfm.