SELinux

from Wikipedia, the free encyclopedia

SELinux (Security-Enhanced Linux) is an extension of the Linux kernel that represents the first attempt to implement the FLASK concept of the US intelligence agency NSA. It implements access controls on resources in the sense of Mandatory Access Control. SELinux is largely developed by the NSA and the Linux distributor Red Hat. Companies such as Network Associates, Secure Computing Corporation, and Tresys are or were also involved in the work on SELinux, and Tresys in particular is increasingly taking on tasks in the project.

SELinux is open source software and consists of a kernel patch and numerous extensions for system programs. The rules are defined in a so-called policy, which is currently published by Tresys. Most distributions offer special SELinux policy packages for their programs that add the respective program to the policy.

Integration in Linux kernels and distributions

SELinux has been integrated in the kernel since Linux 2.6.x. The Linux distribution Fedora (a project sponsored by Red Hat) was the first distribution to include SELinux support as standard. Fedora Core 3 and Red Hat Enterprise Linux 4 were the first distributions to be shipped with full SELinux support. It is now also an integral part of CentOS, Hardened Gentoo and openSUSE. In Ubuntu and Debian, it can be installed via the package management system. The implementation for Slackware is still in progress. With the introduction of Android 4.3, the Android kernel, which is based on the Linux kernel, was officially expanded to include SELinux. Before that, manufacturers such as HTC and Samsung had already used the kernel extension in their smartphone models in order to implement extended security functions.

Tools

In addition to the official SELinux tools, there are numerous useful tools that make working with SELinux easier.

Setroubleshoot uses a task icon to notify the user of restrictions imposed on programs and, on request, provides additional information and possible solutions to the problem. SLIDE is an IDE for developing the policy, published as an Eclipse extension. The apol program is used to analyze policies.
