Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Servers

    SELinux

    Written by

    Jason Brooks
    Published September 6, 2004
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      SELinux is a set of kernel patches and utilities that boosts the security of the Linux system on which its enabled by providing for the enforcement of mandatory access control policies.

      Click here to read the full review of SELinux.

      2

      SELinux is a set of kernel patches and utilities that boosts the security of the Linux system on which its enabled by providing for the enforcement of mandatory access control policies.

      For example, we could configure a Web server to serve read-only pages, delegating the rights needed to generate or modify the pages to a separate role.

      The set of Linux kernel patches and tools that make up SELinux may be used with a variety of Linux distributions and is available for free download at www. nsa.gov/selinux/code/download5.cfm.

      eWEEK Labs tested SELinux as it ships with Red Hat Inc.s Fedora Core 2, which sports the most complete SELinux implementation of any Linux distribution we know of. Also, the NSA uses the Fedora Core Linux distribution as its development platform.

      /zimages/1/28571.gifClick here to read Labs review of Fedora Core 2.

      The Fedora Project is fast-moving and community-supported, and it serves largely as a proving ground for technologies that Red Hat expects to bring to its Enterprise Linux product line. As a result, companies may want to wait for SELinux to make its way into a more stable Linux distribution before deployment in a production setting. Red Hat has announced plans to include SELinux in Version 4 of Red Hat Enterprise Linux, due early next year. Meanwhile, Fedoras implementation of SELinux provides administrators with an opportunity to learn about and test the security extensions.

      SELinux provides for mandatory access controls through a combination of roles and types that together determine which resources may be accessed and by whom. (When applied to processes, types are also known as domains.)

      Policies define the interaction between types and roles to determine a machines access controls. Fedora Core 2 ships with a set of policies that covers most of the applications included in that distribution. Administrators may edit these policies to better fit their needs or develop new policies for their applications.

      Writing SELinux policies is an involved business, and its possible to write conflicting policies. When SELinux begins shipping as part of supported enterprise Linux distributions, companies should be able to rely on their Linux vendors to sort out these issues. Until then, there are several SELinux resources available on the Web.

      SELinux can be run in enforcing or permissive mode, or it may be disabled completely. In enforcing mode, SELinux blocks activities not specifically allowed by policy. In permissive mode, SELinux doesnt block access but logs the activities that would be blocked if an application were run with SELinux in enforcing mode.

      Permissive mode works well for testing, but in fully tested, production environments, administrators can configure SELinux machines to run only in enforcing mode.

      The first step to creating a new policy is to run an application with SELinux set to permissive mode. An SELinux utility that ships with Fedora Core 2, called audit2allow, scans the auditing messages that an application triggers when run under SELinux in permissive mode and creates a policy that would enable the application to run properly with SELinux in enforcing mode. From here, an administrator can review and further tailor the policy.

      We were able to examine the active policies on our test SELinux machine using apol, a free graphical application from Tresys Technology LLC that ships with Fedora Core 2. We could edit our policies using SePCut, another application from Tresys thats included with Fedora Core 2.

      The last time we looked at SELinux, these tools werent available. We found that they made it much easier to work with SELinux policy files and to gain insight into the policies active on our test system. As SELinux continues to develop, we expect to see new tools of this sort that will make SELinux accessible to a wider range of users.

      /zimages/1/28571.gifClick here to read a review of Suns Trusted Solaris 8.

      Senior Analyst Jason Brooks can be reached at [email protected].

      /zimages/1/28571.gifCheck out eWEEK.coms Linux & Open Source Center at http://linux.eweek.com for the latest open-source news, reviews and analysis.

      /zimages/1/77042.gif

      Be sure to add our eWEEK.com Linux news feed to your RSS newsreader or My Yahoo page

      Jason Brooks
      Jason Brooks
      As Editor in Chief of eWEEK Labs, Jason Brooks manages the Labs team and is responsible for eWEEK's print edition. Brooks joined eWEEK in 1999, and has covered wireless networking, office productivity suites, mobile devices, Windows, virtualization, and desktops and notebooks. Jason's coverage is currently focused on Linux and Unix operating systems, open-source software and licensing, cloud computing and Software as a Service.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×