RedHatSELinux System Overview and case analysis

Article Title: RedHatSELinux System Overview and case analysis. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

1. Introduction to SELinux

The biggest security change in RedHat Enterprise Linux AS 3.0/4.0 is the integration of SELinux support.

SELinux, short for Security-Enhanced Linux, is an access control system developed by the National Security Agency (NSA.

SELinux can maximize the security of Linux systems. As to how powerful it is, a simple example can prove:

Linux without SELinux protection has the same security level as Windows, which is level C2. However, Linux without SELinux protection has the same security level.

Then it can reach B1 level. For example, we set the permissions of all files and directories under the/tmp directory to 0777, so that no SELinux protection is available.

Anyone can access the content under/tmp. In The SELinux environment, although the directory permission allows you to access the content under/tmp,

However, SELinux's security policy will continue to check whether you can access it.

The SELinux security architecture launched by NSA is called Flask. In this structure, the logic of security policies and general interfaces are encapsulated together

The independent components of the operating system are called security servers. SELinux's security server defines a hybrid security

Policy, which consists of Type implementation (TE), role-based access control (RBAC), and multi-level security (MLS. By replacing the security server, you can

To support different security policies. SELinux uses the policy configuration language to define the security policy, and then compiles it into binary form through checkpolicy

Stored in files (such as the target policy/etc/selinux/targeted/policy/policy.18) and read the kernel space during kernel boot.

. This means that the security policy is different every time the system is booted.

There are two SELinux policies: one is the target policy and the other is the strict policy. Limited policies only apply to some

System network services and processes execute The SELinux policy, while the strict policy is to execute the global default NSA policy. In the limited policy mode, nine (

More) system services are monitored by SELinux, and almost all network services are under control.

The configuration file is/etc/selinux/config. Generally, the "permissive" mode is used during the test, which only violates SELinux rules.

Then, a warning is issued, and then the rules are modified. Finally, the user determines whether to execute the strict "enforcing" policy to prohibit the violation of the rule policy.

Action.

The rules determine SELinux's work behavior and method, and the policy determines the specific security details, such as file system and file consistency.

During installation, you can select "Activate", "warning", or "Disable" SELinux. The default value is "Activate ".

After installation, you can go to "application", "system settings", and "security level", or directly enter "system" in the console window.

-Config-securitylevel to open the "Security Level" setting window. On the "SELinux" option page, we can not only set"

Enable or disable SELinux, and modify the built-in SELinux policy.

SELinux commands:

Ls-Z

Ps-Z

Id-Z

You can see the SELinux attributes of files, processes, and users respectively.

Chcon changes The SELinux attribute of the file.

Getenforce/setenforce: View and set the current working mode of SELinux.

After modifying the configuration file/etc/selinux/config, restart the system to start the new working mode of SELinux.

[1] [2] Next page