- Index
- » Smart Phones - Categorized by OS
- » Other
- » An Overview of SELinux
An Overview of SELinux
An Overview of SELinux
An Overview of SELinux
In this modern world, the major concern of all the individuals and enterprises is regarding the security of their valuable data. To improve the security and control the access of the files by the compromised daemons, Linux has come forward with a new security system that can be incorporated to the Linux kernel. The implementation of this mandatory access control mechanism improves the overall security of the server and is dubbed as SELinux or Security-enhanced Linux. The SELinux forums are active, since it was launched by United States National Security Agency (NSA) on 22 December 2000.
The NSA has been searching about the significance of operating systems security mechanism and realized that OS needs high level security. Operating system security mechanisms are the foundation that is responsible for the separation of information based on confidentiality and integrity requirements. Most of the OS were using the Discretionary Access Control (DAC), which was not effective in preventing unexpected illegal access, and the attackers were able to install backdoor and take full control of the Linux system. As per NSA’s researches, the security mechanism was unable to make the separation based on the critical security feature, MAC (Mandatory Access Control). This made the NSA team to think of developing a security system that can be used in a wide range of computing environment, to ensure the security of OS. The SELinux implements the Flux Advanced Security Kernel (FLASK) to the various versions of Linux kernel.
More Information about SELinux
At the early stages, SELinux caused much problem by locking GNU/Linux into single access-control architecture. As a solution to this problem, the security architecture of SELinux was incorporated into the 2.6.x kernel using the Linux Security Modules (LSM) framework. The LSM allows the security models of SELinux to be implemented as loadable kernel modules and proved to be more functional, when used with SELinux than AppArmor.
The access control method of the OS determines whether a file or resource can be used/ accessed by a program or user. These methods vary as the operating system varies and the SELinux incorporates both MAC and RBAC (role-based access control) to the GNU/Linux operating system, which enables the server admin to define various permissions for all process in the system. All the operations are granted on the basis of policies that give only minimum privilege for the user or program that are required to complete their tasks. By default, all the communication between the users and the objects are disallowed.
SELinux can be set in two levels of security: Targeted and MIS. In the former level, all the targeted processes are protected and the latter offers Multi Level Security protection. The MIS is not supported by AppArmor. There are three modes in which the SELinux can be set -Enforcing, Permissive and Disabled. In the enforcing mode all the SELinux security policies will be strictly enforced and in permissive mode, it will give warning, when any of the SELinux policy setting is violated. As the name suggests, in the disabled mode all the policies will be totally disabled as no security policy is loaded.
As per the decision of the administrator, the SELinux security can be enabled and disabled easily. Simple commands can be used to execute the decision of the admin, and the changes can be permanent or temporary. The SELinux discussions and forums, can give you more information about SELinux and features. You can run simple commands to know more the status of the SELinux in your system. The “#getenforce “will show you whether the SELinux is enabled or not. The “#sestatus –b” gives you a detailes info about the status of SELinux on different services.
The SELinux forums states it as a set of security policies/modules used to enhance the security of the operating system, thereby preventing the attackers from taking advantage of the insecurities to gain access to a system and obtain unauthorized access to information, or to repurpose a computer in order to send spam. The SELinux discussions agree that, the implementation of SELinux has taken the credibility of Linux to a new level, but are looking forward to improve the security features from the contributions from different developers and users.
25-Jul-13 05:23:57
- Index
- » Smart Phones - Categorized by OS
- » Other
- » An Overview of SELinux
Board Info
- Online:
- There are no members online
Forum Legend:
- Topic
- New
- Locked
- Sticky
- Active
- New/Active
- New/Locked
- New Sticky
- Locked/Active
- Active/Sticky
- Sticky/Locked
- Sticky/Active/Locked
Copyright © 2010 Xeont Computer Solutions. All Rights Reserved.
Buy Computer Parts Online
Computer Parts | Computer Forum | Term of Use | Privacy Policy | About Us | Find Us On Ebay | Contact Us | jobs in sri lanka | ChicShop
Pretty Usb Flash Drives | Pink Wireless Mouse | WebDesign | SELinux | Cute USB Sticks | Bling Stationery | cute usb sticks australia | Pink Stationery
Brand New computer parts, Used computer parts, we ship computer parts to all states in Australia. buy computer parts online.