Chapter 24

Enhancing Linux Security with SELinux

In This Chapter

Learning about SELinux benefits

Learning how SELinux works

Setting up SELinux

Fixing problems with SELinux

Getting additional information on SELinux

Security Enhanced Linux (SELinux) was developed by the National Security Agency (NSA) along with other security research organizations, such as Secure Computing Corporation (SCC). SELinux was released to the open source community in 2000 and became popular when Red Hat began implementing SELinux as a default package. Now, SElinux is used by many organizations and is widely available.

Understanding SELinux Benefits

SELinux is a security enhancement module deployed on top of Linux. It provides additional security measures and is included by default in RHEL and Fedora.

SELinux provides improved security on the Linux system via Role Based Access Controls (RBAC) on subjects and objects (aka processes and resources). "Traditional” Linux security uses Discretionary Access Controls (DAC).

Note

A great deal of SELinux documentation states that SELinux uses the Mandatory Access Control (MAC) model. Remember that RBAC is a refined version of MAC (see Chapter 22, “Understanding Basic Linux Security”). Thus, the documentation is correct when it says that SELinux uses MAC.

SELinux is not a replacement for DAC. Instead, it is an additional security layer.

DAC rules are still used when using SELinux.
DAC rules are checked first and, if access is allowed, then SELinux policies ...

Get Linux Bible, 8th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Linux Bible, 8th Edition by Christopher Negus, Christine Bresnahan

Understanding SELinux Benefits

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly