SELinux
Security-Enhanced Linux (SELinux) is a security architecture integrated
into the Linux kernel that provides a mechanism for supporting access control
security policies, including mandatory access controls (MAC). It was originally
developed by the United States National Security Agency (NSA) and released to
the open-source community in 2000.
Key Features of SELinux:
- Access Control: SELinux allows administrators to define security policies that control which users and processes can access specific files and resources on the system.
- Security Policies: These are sets of rules that dictate what can or cannot be accessed. SELinux enforces these policies to control access.
- Modes of Operation:
  - Enforcing: SELinux applies the security policies, denying (and logging) any access the policies do not allow.
  - Permissive: SELinux logs actions that would have been denied in enforcing mode but does not block them.
  - Disabled: SELinux is turned off.
- Type Enforcement: This is the primary mechanism used by SELinux to enforce policies. It assigns types to all files, processes, and ports and uses these types to control access.
How SELinux Works:
When an application or process (subject) requests access to an object
(like a file), SELinux first checks the access vector cache (AVC) for a cached
decision. If none is cached, it consults the security server, which evaluates
the security contexts of the subject and object against the loaded SELinux
policy to grant or deny access.
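The denials described above are written to the audit log as AVC records. The following shell script, added here as an example and not part of the original post, parses two constructed AVC records (not captured from a real system) into the pieces an administrator reads first: the source and target types that type enforcement rules are written against, the object class, the requested permissions, and whether the access was actually blocked (enforcing) or only logged (permissive).

```shell
# Constructed sample AVC records in the format the kernel writes to the audit
# log. The first is from enforcing mode, the second from permissive mode.
AVC_SAMPLE='type=AVC msg=audit(1700000000.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="sda1" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'
AVC_SAMPLE_PERMISSIVE='type=AVC msg=audit(1700000000.456:457): avc:  denied  { read open } for  pid=1234 comm="httpd" name="index.html" dev="sda1" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1'

# Pull a key=value field (e.g. scontext, tclass, permissive) out of a record.
avc_field() {
    # $1 = record, $2 = key
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# The type is the third colon-separated component of a security context
# (user:role:type:level); type enforcement rules are expressed in terms of it.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# The permissions inside the braces, e.g. "{ read open }" -> "read open".
avc_perms() {
    printf '%s\n' "$1" \
        | sed -n 's/.*avc:[[:space:]]*denied[[:space:]]*{ *\([^}]*\) *}.*/\1/p' \
        | sed 's/[[:space:]]*$//'
}

# One-line summary: source type -> target type : class { perms } outcome.
# permissive=1 means the access was allowed and only logged; permissive=0
# means it was refused.
avc_summary() {
    rec=$1
    st=$(context_type "$(avc_field "$rec" scontext)")
    tt=$(context_type "$(avc_field "$rec" tcontext)")
    cls=$(avc_field "$rec" tclass)
    perms=$(avc_perms "$rec")
    if [ "$(avc_field "$rec" permissive)" = "1" ]; then
        outcome="logged only (permissive mode)"
    else
        outcome="blocked (enforcing mode)"
    fi
    printf '%s -> %s : %s { %s } %s\n' "$st" "$tt" "$cls" "$perms" "$outcome"
}

avc_summary "$AVC_SAMPLE"
avc_summary "$AVC_SAMPLE_PERMISSIVE"
```

On a real system the same functions can be fed lines from ausearch or the audit log; the summary line is the information needed to decide whether a denial is a genuine policy gap (fix the file's type or write an allow rule) or an attempted access that the policy correctly stopped.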
Benefits:
- Enhanced Security: By enforcing strict access controls, SELinux helps prevent unauthorized access and limits the potential damage from security breaches.
- Granular Control: Administrators can define policies to control access at a granular level.