SELinux is a flexible but mandatory enterprise grade
security implementations (from NSA) in Linux kernel itself. This provides
support for enforcing different but mandatory access control policies.
You can
see /etc/selinux/config file to see if SELinux is enabled or not for your
system. The variable SELINUX in this file defines the mode (3 modes) in which
SELinux has been operation. These 3 different modes of SELinux are namely:
- Disabled: Completely disables the SELinux.
- Permissive: enables the SELinux code, but causes it to operate in a mode where accesses that would be denied by policy are permitted but audited
- Enforcement: Enables the SELinux code and causes it to enforce access denials as well as auditing them.
SELinux was the NSA's attempt at porting the Orange Book
requirements to Linux. There are other popular solutions as well for
implementing access controls in linux like AppArmor, GrSecurity etc.
No comments:
Post a Comment