Enhanced security Linux (SELINUX) is a R & D project of the US Security Department, which is an intended to enhance the Linux kernel for development code to provide stronger protection measures to prevent some of the security applications to go into the road, reduce malware. Brought the disaster.
Ordinary Linux compared to SELinux
The safety of ordinary Linux systems is dependent on the kernel, which is generated by setuid / setgid. Under the traditional security mechanism, some application authorization issues, configuration issues, or process operations have caused security issues for the entire system. These issues exist in the current operating system, which is due to their complexity and interoperability with other programs.
SELinux only relies on the system's kernel and security configuration policies. Once you correctly configure the system, an abnormal application configuration or error will return only the error to the user and its system background program. The security of other user programs and their background programs can still run normally, and maintain their security system structure.
To be simple, it is: No program configuration error can cause the entire system crash.
Install the SELINUX SELINUX kernel, tool, program / kit, and documentation can be downloaded on the Linux website that enhances security Linux website. You must have an existing Linux system to compile your new kernel, so that you can access the no change. System patch package.
Developers use Red Hat Linux to test this version. This Linux is very compatible with current Linux applications, and it contains a system call taken into account security issues.
Also, you can compile this core to run it in the allowed state. This mode allows audit security configuration policies and decides the licenses required to install user applications and system operations. You don't need to reinstall the system, you can enhance the functionality of the system by changing this operation mode by changing the mode of this operation.
Why use SELINUX? The best use of SELinux is that it enhances access control to limit the minimum authority accessible by the user program.
Other good improvements are:
Access control of kernel objects and services For process initialization, inheritance, and programs to control the access control of file systems, directories, files, and open files to port, information, and network interface. The final thinking SELinux reduces users and system programs that prevent system crashing. You can use the patch package to upgrade Linux so that it meets your plan needs.
Because Selinux is still a development project, NSA does not recommend using this system to save comparison information to users. However, in last year, I have run Selinux and have not encountered any system crash.
Whether it is easy to test, you will test it yourself. It is free, and it is very easy to use!
For example: http://fedora.redhat.com/projects/selinux/ '
