Fedora Core 3 Tries Out Latest SELinux

Red Hat's updated community Linux distribution provides a trial run for the latest rendering of Security-Enhanced Linux, which uses Mandatory Access Control in the Linux kernel and granular permissions for users, programs, processes, files and devices.

This week saw the latest release of Red Hat's community-based Linux distribution, Fedora Core 3.

While not a business release—and indeed Fedora has no official support from Red Hat Inc.—Fedora serves as a proving ground for ideas that may eventually make their way into RHEL (Red Hat Enterprise Linux).

Perhaps the most important of these new technologies being given a trial run in Fedora is the latest version of SELinux (Security-Enhanced Linux).

SELinux was first developed by the U.S. government's National Security Agency. While not intended to be a complete security solution for Linux, SELinux does strive to improve on the platform's security.

SELinux does this by implementing MAC (Mandatory Access Control) in the Linux kernel and by providing granular permissions for users, programs, processes, files and devices using the LSM (Linux Security Modules) framework.

With SELinux, the administrator has precise control over all subjects (users, programs and processes) and objects (files and devices). Thus, applications, users and processes are granted only those permissions needed to function.

Fedora Core 2 also had SELinux in it, but its security restrictions were too strict for some users, so it was turned off by default. In Core 3, however, SELinux is turned on by default with a "targeted" policy.

This new policy specifically locks down only those daemons (programs that run automatically in Linux and Unix) that are known to be vulnerable to attack or are critical to system security. Programs that aren't listed under the policy run using Linux's normal security. Of course, administrators who want to push the security envelope can apply SELinux's policies to the entire operating system.
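To see which processes a targeted policy actually confines, an administrator can read the SELinux type in each process label: programs outside the policy run in the `unconfined_t` domain. The script below is an added example, not part of the original article; the `ps -eZ` listing is a constructed sample, and the daemon names and domain names in it are illustrative assumptions.

```shell
#!/bin/sh
# Constructed sample of `ps -eZ` output (not captured from a real host).
# Labels use the user:role:type form; the third field is the domain.
sample_ps() {
cat <<'EOF'
LABEL                             PID TTY          TIME CMD
user_u:system_r:unconfined_t        1 ?        00:00:01 init
user_u:system_r:syslogd_t        1820 ?        00:00:00 syslogd
user_u:system_r:httpd_t          2104 ?        00:00:03 httpd
user_u:system_r:named_t          2150 ?        00:00:00 named
user_u:system_r:unconfined_t     2311 ?        00:00:00 sshd
user_u:system_r:unconfined_t     2490 pts/0    00:00:00 bash
EOF
}

# Print "<confined|unconfined> <type> <command>" for each process line.
classify() {
    awk 'NR > 1 && NF >= 5 {
        split($1, ctx, ":")            # ctx[3] is the SELinux type (domain)
        state = (ctx[3] == "unconfined_t") ? "unconfined" : "confined"
        print state, ctx[3], $NF
    }'
}

# Count sample processes in a given state ("confined" or "unconfined").
count_state() {
    sample_ps | classify | awk -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# Exit status 0 if the named command runs in its own confined domain.
is_confined() {
    sample_ps | classify |
        awk -v c="$1" '$3 == c && $1 == "confined" { f = 1 } END { exit !f }'
}

# Report for the constructed sample; on a live host use: ps -eZ | classify
sample_ps | classify
```

A network-facing daemon that shows up as `unconfined` in this report is running with only the normal discretionary permissions, which is the gap a targeted policy leaves open by design.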

Fedora Core 3 is built on top of the Linux 2.6.9 kernel. For a desktop, it offers the GNOME 2.8 and KDE 3.3 GUIs. The Linux distribution also comes with the Evolution 2.0 groupware client and an assortment of other common Linux office software.

While the source code is available, Red Hat provides only two binary versions of Fedora: x86-64 and i386. These are available both from Red Hat's own site and via BitTorrent, as either a DVD image or four ISO images of the installation CD-ROMs.

The minimum requirements for a Fedora system are a 400 MHz Pentium II or better with 256MB or more of RAM. As always, the more system resources, the better.

