SELinux
The second technology we will cover in this chapter is Security Enhanced Linux (SELinux). It is a security technology originally developed by the United States National Security Agency to bring a heightened level of security capabilities to the Linux kernel. For an overview, the technology is best described by the upstream project, which explains at http://www.nsa.gov/research/selinux/index.shtml:
"NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration...