Language Selection

English French German Italian Portuguese Spanish

Selinux on FC5

Filed under
Linux

Selinux can be confusing, but it's ordinary and default configuration is actually pretty simple. We'll examine it on Fedora Core 5.

By default, FC5 installs Selinux in "targeted" mode. You can see this in /etc/selinux/config:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

As the comments imply, only certain network daemons are affected by Selinux in this configuration.

Full Story.

In related links:

SELinux is a mandatory access control (MAC) system available in Linux kernels as of version 2.6. Of the Linux Security Modules available, it is the most comprehensive and well tested, and is founded on 20 years of MAC research. SELinux combines a type-enforcement server with either multi-level security or an optional multi-category policy, and a notion of role-based access control. See the Resources section later in this article for links to more information about these topics.

Most people who have used SELinux have done so by using an SELinux-ready distribution such as Fedora, Red Hat Enterprise Linux (RHEL), Debian, or hardened Gentoo. These enable SELinux in the kernel, offer a customizable security policy, and patch a great number of user-land libraries and utilities to make them SELinux aware.

If you're like many users who simply want the system to work as before, but a bit more securely, you can query and manipulate SELinux by using familiar applications and by writing security policies using a higher level language.

SELinux from scratch.

More in Tux Machines

Android Leftovers

Licensing resource series: Free GNU/Linux distributions & GNU Bucks

When Richard Stallman set out to create the GNU Project, the goal was to create a fully free operating system. Over 33 years later, it is now possible for users to have a computer that runs only free software. But even if all the software is available, putting it all together yourself, or finding a distribution that comes with only free software, would be quite the task. That is why we provide a list of Free GNU/Linux distributions. Each distro on the list is commited to only distributing free software. With many to choose from, you can find a distro that meets your needs while respecting your freedom. But with so much software making up an entire operating system, how is it possible to make sure that nothing nasty sneaks into the distro? That's where you, and GNU Bucks come in. Read more

Linux 4.7.6

I'm announcing the release of the 4.7.6 kernel. All users of the 4.7 kernel series must upgrade. The updated 4.7.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.7.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-st... Read more Also: Linux 4.4.23

Linaro beams LITE at Internet of Things devices

Linaro launched a “Linaro IoT and Embedded” (LITE) group, to develop end-to-end open source reference software for IoT devices and applications. Linaro, which is owned by ARM and major ARM licensees, and which develops open source software for ARM devices, launched a Linaro IoT and Embedded (LITE) Segment Group at this week’s Linaro Connect event in Las Vegas. The objective of the LITE initiative is to produce “end to end open source reference software for more secure connected products, ranging from sensors and connected controllers to smart devices and gateways, for the industrial and consumer markets,” says Linaro. Read more Also:

  • Linaro organisation, with ARM, aims for end-end open source IoT code
    With the objective of producing reference software for more secure connected products, ranging from sensors and connected controllers to smart devices and gateways, for the industrial and consumer markets, Linaro has announced LITE: Collaborative Software Engineering for the Internet of Things (IoT). Linaro and the LITE members will work to reduce fragmentation in operating systems, middleware and cloud connectivity solutions, and will deliver open source device reference platforms to enable faster time to market, improved security and lower maintenance costs for connected products. Industry interoperability of diverse, connected and secure IoT devices is a critical need to deliver on the promise of the IoT market, the organisation says. “Today, product vendors are faced with a proliferation of choices for IoT device operating systems, security infrastructure, identification, communication, device management and cloud interfaces.”
  • An open source approach to securing The Internet of Things
  • Addressing the IoT Security Problem
    Last week's DDOS takedown of security guru Brian Krebs' website made history on several levels. For one, it was the largest such reported attack ever, with unwanted traffic to the site hitting levels of 620 Gbps, more than double the previous record set back in 2013, and signalling that the terabyte threshold will certainly be crossed soon. It also relied primarily on compromised Internet of Things devices.