Arming Linux against hackers

In addition, you can compile the kernel to run in a permissive mode. This mode allows auditing of the security configuration policies to determine the required permissions for installed user applications and system operation. You can change the permissive mode of operation to enforcement at any time without rebuilding the system.

Why should you run SELinux?
The best reason to implement SELinux is to enforce mandatory access controls to confine user programs to the least privilege required for their operation.

Other noticeable improvements include:

Access control for kernel objects and services

Access control over process initialisation, inheritance, and program execution

Access control over file systems, directories, files, and open file descriptions

Access control over sockets, messages, and network interfaces

Final thoughts
SELinux alleviates the constant requirement to update every user and system application to prevent a system compromise. You can now apply patches and updates when convenient.

Because SELinux is still a development project, the NSA does not recommend it for use on systems that contain or protect sensitive information. However, I've run SELinux during the last year, and I've experienced no system compromises.

Test it out and judge for yourself. It's free, and it works.

« Previous
1
2
Next »

Talkback

How does SELinux stack up against grsecurity patch at www.grsecurity.org

via Facebook 21 February, 2004 20:53

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

ZDNet UK Live

SHleG: Do you remember building a clockwork scorpion kit (I'm pretty sure I have a photo of it somewhere) — I think it was called something like...

2 hours ago by songmaster on Software with everything

Good I love Yahoo! Their search engine is getting better than Google as of late. I find more of what I want on the first page, and usually within...

2 hours ago by Chris Wortman via Facebook on Linux Mint 13 ramps up for KDE release

openhgs has made the point for Windows 8 multiple monitors without realising it! With Windows 7 you have to switch the mouse and so your focus...

4 hours ago by PatrickG on Windows 8 could speed multi-monitor uptake

Mozilla has threatened to stop supporting Linux. I guess that UBUNTU is going with another browser. I indicated that if Mozilla stops supporting...

5 hours ago by Leslie Satenstein via Facebook on Firefox rapid release improves Fedora Linux

Much as I abhor Microsoft's licensing practices, this is almost certainly down to purchasing IT equipment via 3rd party consultants - you get the...

6 hours ago by Andy Bolstridge via Facebook on 6 million wasted licences and £1,200 PCs: welcome to government IT

@openhgs Windows users have had multiple desktops since Linus started writing Linux. They just haven't shipped as standard because not enough...

22 hours ago by Jack Schofield on Windows 8 could speed multi-monitor uptake

@Phil at Cloud4 What, Microsoft gets £1,200 per PC and £1,622 per server? Gosh, I'm amazed....

22 hours ago by Jack Schofield on 6 million wasted licences and £1,200 PCs: welcome to government IT

You guys have no idea what is going on at Autonomy. Autonomy could have been a much more profitable organization. The sales operations at Autonomy...

24 hours ago by craigsc on HP cuts 27,000 staff as Autonomy chief Lynch leaves

How does this impact on dual or multi booting? Seems to me to more or less prohibit this, from Windows 8 anyway. Will Grub 2 recognise Windows 8,...

24 hours ago by Moley on Windows 8 start-up speed forces USB boot workaround

I don't understand why there cannot be a slight pause during the boot process so the user can press a key. Many operating systems do this, even if...

1 day ago by apexwm on Windows 8 start-up speed forces USB boot workaround

You can now buy the Xi3 modular computer in the UK at http://www.ocdistribution.com . This can be bought with the Tand3m software, pricing and...

1 day ago by Gavin Goodman on CES 2012: Xi3 microSERV3R

I agree: Mike Lynch can clearly build a business and manage strategy. I suspect the exit of Mike is more likely the end of a planned handover...

1 day ago by Phil at Cloud4 on HP cuts 27,000 staff as Autonomy chief Lynch leaves

This is unbeleivable government wastage with only one winner... Microsoft 1 - Tax payer Nil!

1 day ago by Phil at Cloud4 on 6 million wasted licences and £1,200 PCs: welcome to government IT

So what do you do when you can't boot into windows? Why can't I just hold Shift while I power up instead of having to boot into windows and click a...

1 day ago by Mispam on Windows 8 start-up speed forces USB boot workaround

I've also seen that Mac OS X for Intel machines is supposed to run in VirtualBox, which would also be a nice solution. I've never tried it though.

1 day ago by apexwm on xTreme Triple Booting: Linux, Mac & Windows

What I wonder is why when companies are caught bang to rights in not providing contracted services, people bend over to smear the customers? Surely...

1 day ago by dave heasman on Virgin throttles broadband for high-speed customers

Strange statement from HP regarding Mike Lynch and not capable of scaling a company. Autonomy was a $7bn purchase which started as a small company...

1 day ago by pjc158 on HP cuts 27,000 staff as Autonomy chief Lynch leaves

Or - possibly, they will destroy business by ensuring people do not invest where there is no return. Another socialist idea, well beyond it's...

1 day ago by lojolondon on Open Data Institute will act as biz incubator