Chapter 24

Enhancing Linux Security with SELinux

In This Chapter
Learning about SELinux benefits
Learning how SELinux works
Setting up SELinux
Fixing problems with SELinux
Getting additional information on SELinux

Security Enhanced Linux (SELinux) was developed by the National Security Agency (NSA) along with other security research organizations, such as Secure Computing Corporation (SCC). SELinux was released to the open source community in 2000 and became popular when Red Hat began implementing SELinux as a default package. Now, SElinux is used by many organizations and is widely available.

Understanding SELinux Benefits

SELinux is a security enhancement module deployed on top of Linux. It provides additional security measures and is included by default in RHEL and Fedora.

SELinux provides improved security on the Linux system via Role Based Access Controls (RBAC) on subjects and objects (aka processes and resources). "Traditional” Linux security uses Discretionary Access Controls (DAC).

A great deal of SELinux documentation states that SELinux uses the Mandatory Access Control (MAC) model. Remember that RBAC is a refined version of MAC (see Chapter 22, “Understanding Basic Linux Security”). Thus, the documentation is correct when it says that SELinux uses MAC.

SELinux is not a replacement for DAC. Instead, it is an additional security layer.

  • DAC rules are still used when using SELinux.
  • DAC rules are checked first and, if access is allowed, then SELinux policies ...

Get Linux Bible, 8th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.