Enhancing Linux Security with SELinux
Security Enhanced Linux (SELinux) was developed by the National Security Agency (NSA) along with other security research organizations, such as Secure Computing Corporation (SCC). SELinux was released to the open source community in 2000 and became popular when Red Hat began implementing SELinux as a default package. Now, SElinux is used by many organizations and is widely available.
Understanding SELinux Benefits
SELinux is a security enhancement module deployed on top of Linux. It provides additional security measures and is included by default in RHEL and Fedora.
SELinux provides improved security on the Linux system via Role Based Access Controls (RBAC) on subjects and objects (aka processes and resources). "Traditional” Linux security uses Discretionary Access Controls (DAC).
SELinux is not a replacement for DAC. Instead, it is an additional security layer.
- DAC rules are still used when using SELinux.
- DAC rules are checked first and, if access is allowed, then SELinux policies ...