How SELinux can benefit a systems administrator
SELinux is a free open source software project that was developed by the U.S. National Security Agency. While it can theoretically be installed on any Linux distro, the Red Hat-type distros are the only ones that come with it already set up and enabled. It uses code in Linux kernel modules, along with filesystem-extended attributes, to help ensure that only authorized users and processes can access either sensitive files or system resources. There are three ways in which SELinux can be used:
- It can help prevent intruders from exploiting a system
- It can be used to ensure that only users with the proper security clearance can access files that are labeled with a security classification
- In addition to MAC, SELinux can also be used as a type of role-based access control
In this chapter, I'll only be covering the first of these three uses because that is the most common way in which SELinux is used. There's also the fact that covering all three of these...
