Article Title: Linux (SELinux) with enhanced security ). Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
SELinux is a R & D project of the U.S. security department. It aims to enhance the Linux kernel for code development and provide stronger protection measures, prevent security-related application detours and mitigate the disaster caused by malware.
Comparison between Linux and SELinux
The security of common Linux systems depends on the kernel, which is generated by setuid/setgid. Under the traditional security mechanism, some application authorization problems, configuration problems or process running have been exposed, resulting in security problems of the entire system. These problems exist in the current operating system due to their complexity and interoperability with other programs.
SELinux only depends on the system kernel and Security Configuration Policy. Once you have correctly configured the system, the abnormal application configuration or error will only return the error to the user's program and its system background program. The security of other user programs and their background programs can still run normally and maintain their security system structure.
To put it simply, no program configuration error can cause the entire system to crash.
Install the SELinux kernel, tool, Program/toolkit, and documents of SELinux. You can download them on the Linux website for enhanced security. You must have an existing Linux system to compile your new kernel, in this way, you can access the system patch package that has not been changed.
Developers use Red Hat Linux to test the current version. This Linux is very compatible with the current Linux application, and it contains a system call that considers security issues.
In addition, you can compile this kernel so that it can run in the allowed state. This mode allows audit of security configuration policies and determines the licenses required to install user applications and system operations. You do not need to reinstall the system. You can change the operating mode at any time to enhance the system functions.
Why SELinux? The best reason for using SELinux is that it can enhance access control to limit the minimum access permissions of user programs.
Other good improvements are:
Access control over kernel objects and Services Access Control over process initialization, inheritance, and program execution access control over ports, information, and network interfaces for file systems, directories, files, and open file descriptions. Last thought SELinux reduces the number of users and system programs that need to be adjusted to prevent system crashes. Now you can use the patch package to Upgrade Linux to meet your planning needs.
Because SELinux is still a development project, NSA does not recommend this system to users to save important information. However, last year I ran SELinux and never encountered any system crash.
Whether it is easy to use depends on your own tests and decisions. It is free and easy to use!
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.