Red Hat tools for SELinux

Created by Stuart Yeates (University of Oxford) on December 12, 2006

Mayank Sharma writes about some of the features that Red Hat is rolling out to support SELinux on the desktop. SELinux is an NSA-developed security system for locking down Linux. The new tools are GUI tools which allow end-users to configure, examine and analyse an SELinux system. SELinux is unlikely to be suited to non-technical users and still looks to be a significant administration burden even with the new tools, but it's a must-have for the security conscious.

The benefit of SELinux is twofold. First, it replaces the user-based model with a policy-centric model. Every action, like running an application or reading and modifying data, is controlled by a security policy. Actions that violate the policy are denied. Additionally, SELinux compartmentalizes the various applications and processes running on the system. This not only helps in isolating a break-in, but also confines the damage caused by one compromised service.

SELinux plugs into the Linux distribution through the Linux Security Module (LSM) hooks, which are available in the 2.6.x kernel series. LSM was designed to integrate security models to work with the kernel, instead of applying them as a patch.
Unless otherwise noted, EDUCAUSE holds the copyright on all materials published by the association, whether in print or electronic form. In certain cases the work remains the intellectual property of the individual author(s) (see Special Circumstances). Content from conference speeches, presentations, blogs, wikis and feeds reflect the opinions of the author, and not necessarily those of EDUCAUSE or its members.