ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Desktop platforms Toolkit in association with http://ad.doubleclick.net/clk;205413468;14699245;m?http://adfarm.mediaplex.com/ad/ck/2397-58840-22058-14

Arming Linux against hackers

Michael Mullins

Published: 18 Feb 2004 14:40 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Don't be naive enough to think that because you run Linux you won't be a target for hackers. If you rely on Linux for hosting or transmitting sensitive data, you should check out Security-Enhanced Linux, created by the US National Security Agency (NSA) and available for free.

First released to the public in January 2001, Security-Enhanced Linux (SELinux) is a research project from the NSA that seeks to enhance the open-source Linux kernel: to provide greater protection against corruption; to prevent the bypassing of application security procedures; and to mitigate the destruction caused by malicious or defective applications.

Normal Linux vs. SELinux
Normal Linux system security relies on the kernel and the dependencies created through the setuid/setgid binaries. Under the conventional security mechanism, an exploit of a flaw with any privileged application, configuration, or process running usually leads to a total system compromise. This problem is consistent with most modern operating systems due to their complexity and interoperability with other applications.

SELinux relies solely on the kernel and the security configuration policy. Once you configure the security system correctly, improper application configuration or exploits of flawed applications and daemons will only result in compromising the user program and its system daemons. The security of other user programs and daemons remains intact, along with the underlying security system structure.

In simpler terms: no single application configuration flaw or exploit can result in a total system compromise.

Installing SELinux
The SELinux kernel, utilities, daemon/utility patches, and documentation are available for download from the Security-Enhanced Linux Web site. You must have an existing Linux system to compile your new kernel and access to unmodified system packages.

Developers have tested the current release with the Red Hat Linux distribution. The binaries are compatible with current Linux applications and include system calls for applications that are security-aware.

Next

Previous

1 2


  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
86 out of 190 people found this useful


Talkback

Post a comment


Full Talkback thread

1 comment

  1. How does SELinux stack up against grsecurity patch... Anonymous

Related Links

More In Desktop platforms



Company/Topic Alerts

Create a new alert from the list below:



Desktop Management Benchmarking

Test Your Desktop Management Systems

How good are your company's desktop management solutions? How do they compare with those of your peers?

Take two minutes to complete our new Desktop Management and Energy Consumption benchmark, and find out what issues your business needs to focus on.