Language Selection

English French German Italian Portuguese Spanish

Demystifying Security Enhanced Linux

Filed under
Linux

In this paper I will try to explain the philosophy behind the Security Enhanced Linux (SE Linux). I will however try to explain the concept with an example but to keep the length readable I will restrain myself to go into much of implementation details for e.g. commands and similar stuff.

This flavor of linux has strong Mandatory Access control Built into the kernel where by the process and objects such as files are classified based on the confidentiality and integrity requirement, hence the affect of a security breach is reduced to minimal.

It is to be noted that this doesnot mean that SE Linux was designed to correct flaws which are present in the Linux rather it's an attempt to use MAC (in contrast to DAC used by traditional Linux Systems) to make a system which will mitigate the affects of security policy breaches to a minimum, by the help of policies which specify the security requirements of a system.

Full Article.

More in Tux Machines

Kim Dotcom to create Wikimedia-style open source Mega 3.0

Dotcom's first file locker, Megaupload, saw him accused of knowingly hosting, and indeed encouraging the upload and distribution of, stolen films and music. From his new home in New Zealand, he's fought a long legal battle on numerous fronts, fending off extradition attempts, accusing kiwi authorities of working without warrants end even trying, and failing miserably, to promote a political part . Read more

Red Hat and Fedora

Red Hat Fedora
  • Fedora LiveUSB Creator artwork
    As my first job as Red Hat design intern I received from Mo a task to create some icons for Fedora LiveUSB Creator. The liveusb-creator is a cross-platform tool for easily installing live operating systems on to USB flash drives. A Live USB system stored on flash memory, sometimes called a stick, lets you boot any USB-bootable computer into a Fedora operating system environment without writing to that computer’s hard disk.
  • LINE Messenger on Linux
  • Bodhi in Fedora 23 is Ready
  • Got the issue resolved and back to work after exams :)
    And also according to the feedback it has also been suggested to use a footer similar to the one in getfedora.org. Hence the modified design of the footer is also depicted in the mockups below. And as always feedback on these are welcome.
  • Please sign off your patches
    One aspect of open source that appeals to many people is the idea that anyone can contribute. All it takes is a great idea, a little bit of work, and you can have fame, glory, and more conference t-shirts than you know what to do with. The reality is often not quite as simple for many reasons. A common complication is software licencing. There are plenty of other locations talking about open source software licencing and the complications there of so this one will be narrowly focused and have a simple request: When submitting patches for the Linux kernel, whether to official kernel mailings lists or to Fedora, please remember sign off your patches.

Open source is the only way to operate, Accuvant researchers to release open source RFID access tool

  • VA Secretary: Open source is the only way to operate
    Veterans Affairs Department Secretary Bob McDonald voiced his support for open source technology July 30, as he outlined a broad reform plan that includes streamlining information technology and taking a more "holistic" look at customer service. "We have over 200 databases with customer information. That means if you want to change your address, you have to go to at least nine places to change your address at VA," said McDonald during a morning keynote July 30 at a conference in Bethesda, Md.
  • Accuvant researchers to release open source RFID access tool
    Security researchers have long known about the vulnerabilities of the RFID readers that many buildings use instead of door locks, but facilities managers have been slow to upgrade to more secure systems. To draw attention to the problem, at next week's Black Hat conference, Accuvant researchers will be releasing an open source piece of hardware that can be used to circumvent these readers.
  • OpenDaylight Project Picks Up Steam

LaaS (Linux as a Service) -- What you can expect when you build a Linux server in the cloud

Now, before I go any further with this, I should say that LaaS (Linux as a Service) is really not one of the acknowledged ?aaS acronyms. Linux servers in the cloud are generally considered PaaS (platform as a service) or IaaS (infrastructure as a service) offerings depending on how much control you need to exert over their configuration (the more you have to do, the more likely they're IaaS). The distinction may not matter unless you're setting up multiple systems in the cloud that need to interract with each other. In fact, Amazon doesn't even use these terms to describe its EC2 offerings. Read more