What is SELinux (Security-Enhanced Linux)?

SELinux, or Security-Enhanced Linux, is a security component of the Linux kernel that acts as a protective agent on servers. SELinux relies on mandatory access control (MAC), which restricts users to the rules and policies set by the system administrator. MAC is a higher level of access control than the standard discretionary access control (DAC), and it prevents security breaches in the system by allowing access only to the necessary files that the administrator has pre-approved.

SELinux was initially released as a collaboration between Red Hat and the National Security Agency. SELinux receives periodic updates and additions as new Linux distributions are released. SELinux separates policy and decisions inside the kernel to distribute levels of protection and prevent a total security breach.

SELinux acts under the least-privilege model. SELinux only grants access if the administrator writes a specific policy to do so.

SELinux modes

There are three modes of SELinux: Enforcing, Permissive and Disabled.

  • Enforcing mode is the default mode at installation of SELinux. It will enforce the policies on the system, deny access and log actions.
  • Permissive mode is the most commonly used mode for troubleshooting SELinux. In this mode, SELinux is enabled but does not enforce security policies. Actions that violate policy instead result in a warning and a log entry for the system administrator.
  • Disabled mode means that SELinux is turned off and the security policies do not protect the server.
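
An added example, not part of the original article: an AVC record in the audit log reads `denied` in both Enforcing and Permissive mode, and the `permissive=` field shows whether the access was actually blocked or only logged. The log lines are constructed samples, and `parse_avc` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample audit records (not from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=7781 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000042.507:433): avc:  denied  { name_bind } for  pid=2230 comm="nginx" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1700000042.507:433): arch=c000003e syscall=49 success=yes exit=0 comm="nginx"
type=AVC msg=audit(1700000050.900:440): avc:  denied  { write } for  pid=2301 comm="httpd" name="upload" dev="dm-0" ino=9920 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other record."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    # permissive=0: access was blocked (Enforcing).
    # permissive=1: access was allowed and only logged (Permissive).
    # Field absent: this record alone does not say which happened.
    outcome = {"0": "blocked", "1": "logged_only"}.get(
        fields.get("permissive"), "unknown")
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "scontext": fields.get("scontext"),
        "tcontext": fields.get("tcontext"),
        "tclass": fields.get("tclass"),
        "outcome": outcome,
    }


def summarize(log_text):
    """Parse every AVC denial in log_text; return (events, outcome counts)."""
    events = [e for e in map(parse_avc, log_text.splitlines()) if e]
    return events, Counter(e["outcome"] for e in events)


if __name__ == "__main__":
    events, counts = summarize(SAMPLE_LOG)
    for e in events:
        print(e["outcome"], e["comm"], e["perms"], e["tclass"],
              e["scontext"], "->", e["tcontext"])
    print(dict(counts))
```
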

AppArmor vs. SELinux

SELinux’s main competitor, AppArmor, is available on SUSE Linux…
