ZDNet UK / News and Analysis / Application Development

Arming Linux against hackers

By Michael Mullins, TechRepublic, 18 February, 2004 14:40

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

Linux, Hackers, Open source, us national security agency, Security-Enhanced Linux

In addition, you can compile the kernel to run in a permissive mode. This mode allows auditing of the security configuration policies to determine the required permissions for installed user applications and system operation. You can change the permissive mode of operation to enforcement at any time without rebuilding the system.

Why should you run SELinux?
The best reason to implement SELinux is to enforce mandatory access controls to confine user programs to the least privilege required for their operation.

Other noticeable improvements include:

Access control for kernel objects and services

  • Access control over process initialisation, inheritance, and program execution
  • Access control over file systems, directories, files, and open file descriptions
  • Access control over sockets, messages, and network interfaces

    • Final thoughts
    SELinux alleviates the constant requirement to update every user and system application to prevent a system compromise. You can now apply patches and updates when convenient.

    Because SELinux is still a development project, the NSA does not recommend it for use on systems that contain or protect sensitive information. However, I've run SELinux during the last year, and I've experienced no system compromises.

    Test it out and judge for yourself. It's free, and it works.

    Related stories

    Linux hackers converge in Australia

    WatchGuard protects SMEs with Linux Firebox

    Attacker attempts to plant Trojan in Linux

    Xbox clusters up at Linux Expo

    Perens: Linux could learn from Apple

    Talkback

    How does SELinux stack up against grsecurity patch at www.grsecurity.org

    via Facebook 21 February, 2004 20:53
    Reply

    Post your comment

    In order to post a comment you need to be registered and logged in.

    You can also log in with Facebook. Log in or create your ZDNet UK account below

    • Login

    Will not be displayed with your comment

    By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

    Get ZDNet UK's daily newsletter

    Enter your email address to sign up

    ZDNet UK Live

    bordero

    ike fuelband is great for every healthminded person ! to work out! theres this website called textme4free.com that you can use to text anywhere in...

    7 hours ago by bordero on Nike's FuelBand wristband gamifies exercise
    BrownieBoy

    > I'm told it's somewhat annoying when people have their Macs stolen > and Apple stores treat the thief as the owner, but there you go. Ouch,...

    9 hours ago by BrownieBoy on AMD Ultrathins to challenge Intel Ultrabooks
    Moley

    @kevinmchapman. OK, I acknowledge that 'most' was a gratuitous throwaway comment as an afterthought and too presumptuous. As to proof, as you...

    14 hours ago by Moley on A tale of two distros: Ubuntu and Linux Mint
    Jack Schofield

    @BrownieBoy > Works really well for thieves.... >> Nice attempt to deflect the argument by tossing in a point that's totally >> irrelevant, even...

    15 hours ago by Jack Schofield on AMD Ultrathins to challenge Intel Ultrabooks
    raskolnikof

    fantastic that the so called piracy bills have been withdrawn. however, these anti-democracy supporters are still in the shadows so lets be alert...

    16 hours ago by raskolnikof on SOPA, Protect IP support wavers in face of online protest
    Tony Douglas

    Please God no; teach them anything you like - thinking rationally, the uses and misuses of data, what data is and what it's not - but leave the...

    18 hours ago by Tony Douglas via Facebook on Kids are the future. Teach ’em to code.
    BrownieBoy

    @Jack, > Works really well for thieves.... Nice attempt to deflect the argument by tossing in a point that's totally irrelevant, even it were...

    1 day ago by BrownieBoy on AMD Ultrathins to challenge Intel Ultrabooks
    bootlegger

    Make that 13 people now - I got refused today at Manchester airport. I thought I was up to date on this legislation - I knew of the EU ruling from...

    1 day ago by bootlegger on UK airport body scans will not be opt out
    tinycg

    Don't forget to check out apps like GoodReader or SlideShark either, they're indispensible for people on the go in presentation situations. Best...

    2 days ago by tinycg on Four top iPad apps for people on the move
    TerryRK

    Well it seems there is something a number of us agree on. Why is the Ubuntu Unity launcher so ugly? I thought perhaps it was something to do with...

    2 days ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
    Freebies202

    Duplicate comments are not made intentionally. Its very good to know that now you are keeping check on this problem because sometimes a commenter...

    2 days ago by Freebies202 on Microsoft fixes blog comments, speeds up blogs with open source
    kevinmchapman

    "the very significant number of users" and "many (most) of us" - you have no evidence for these statements. It is a fact that most users are saying...

    3 days ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
    Marg Menzies Harrison

    Another grammar faux pas is the improper use of "you". When sitting down down in a restaurant, for example, I get cringe when the waitress...

    3 days ago by Marg Menzies Harrison via Facebook on 10 flagrant grammar mistakes that make you look stupid
    zdnetukuser

    And NOW, folks, for Canonical's next trick... Kubuntu is late. Here's a pencil. Draw your own conclusions. cf.:...

    3 days ago by zdnetukuser on Linux Minterface
    Moley

    @kevinmchapman. The discussion here reflects the very significant number of users who really do like the traditional menu system and who wish to...

    3 days ago by Moley on A tale of two distros: Ubuntu and Linux Mint
    kevinmchapman

    Er, no... It is an efficient means of finding the application/file/setting you need in one place. The icons are a simply a fallback for when you...

    3 days ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
    TerryRK

    Isn't the provision of a text based search an admission by the developers that the mass of icons approach does not work? I don't need to use a...

    3 days ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
    kevinmchapman

    "Unity and GNOME 3 both abandon the old text-based cascading menus in favour of a graphical icon-driven system." Point truly missed. Both use a...

    3 days ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
    TerryRK

    whs001 - Thank you, I'm glad you liked the article. I absolutely agree with you on your first point. I should perhaps have made it clearer that...

    3 days ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
    Dennis Nilsson

    If we allow corporate interest to dictate the way our government circumvents due process against foreign entities then we should accept the same...

    3 days ago by Dennis Nilsson via Facebook on ACTA stumbles in Germany

    Latest in Application Development

    Perens: Linux could learn from Apple

    Featured white papers

    Use product development for competitive advantage

    IBM

    Use product development for competitive advantage

    Remember when MP3 players just played music? Today, consumers want players that can host music, stream video,... Read more

    The Relevance of Cloud Infrastructure to Enterprise Challenges

    SAVVIS

    The Relevance of Cloud Infrastructure to Enterprise Challenges

    This white paper reviews the evolution of data center outsourcing, and introduces cloud offerings within this historical... Read more

    Corporate Web Security - Market Quadrant 2011

    Blue Coat Systems

    Corporate Web Security - Market Quadrant 2011

    From the days when data storage meant putting pieces of paper in a box till the day comes when you'll be able to store... Read more

    Inside ZDNet UK

    HP Slate 2

    HP Slate 2

    Getting to the enterprise with WOA

    Getting to the enterprise with WOA

    How to handle data replication

    How to handle data replication

    Ten flawed products that derail productivity

    Ten flawed products that derail productivity

    NASA video shows dark side of the moon

    NASA video shows dark side of the moon

    HTC Explorer: First Take

    HTC Explorer: First Take

    How fast is your broadband?

    How fast is your broadband?