This Slide consists of the security topic comes in the Linux Platform only.
It basically changes the context of the files stored in the server or the client system and thus prevent the unauthorized access.
2. OUTLINE
• What is SELinux
• History of SELinux
• SELinux Security Models
• SELinux Policy
• SELinux Usage
• SELinux Commands
• Demonstration
• References
3. WHAT IS SELINUX?
• Security-Enhanced Linux is a Linux kernel security module that provides a mechanism for supporting
access control security policies, including United States Department of Defense –style mandatory access
controls.
• The key concepts underlying SELinux can be traced to several earlier projects by the United States
National Security Agency (NSA).
4. HISTORY OF SELINUX
• The NSA, the original primary developer of SELinux, released the first version to the open source
development community under the GNU GPL on December 22, 2000.
• The software merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003.
• Other significant contributors include Red Hat, Network Associates, Secure Computing Corporation,
Tresys Technology, and Trusted Computer Solutions. Experimental ports of the FLASK/TE
implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin
operating systems.
5. SECURITY MODELS
• Type Enforcement (TE)
• Confine processes (subjects) to domains by using security contexts.
• Role-based Access Control (RBAC)
• Recognizes that users often need to move from 1 domain to another. RBAC rules
explicitly allow roles to move from one domain to another
• Multi-Level Security
• Users allowed to read at one level cannot read at higher levels. Also users allowed to
write at 1 level are not allowed to write at a lower level. (Ensures that secure
information does not propagate to lower levels.
6. SELINUX POLICY
• Security Context determined by system policy file
• Policy is a compiled file, based on a text file that you define (or a default
file that you use). This defines all of the various file and user contexts that
you want to be active in your system
• Compiled policy stored in /etc/selinux/targeted/policy
• Based on contexts in /etc/selinux/targeted/contexts
7. SELINUX USAGE
• Enable / Disable SELinux
• selinuxenabled
• Set enforcement policy permissive / disabled
• Setenforce / getenforce
• Set Policy type
• Targeted (only monitor specific services and files)
• Strict (monitor everything)
• Defined in /etc/selinux/config
• If targeted, select policies for each service