Introducing SELinux
Security Enhanced Linux (SELinux) is a set of kernel modifications and user-space tools that have been present in CentOS for quite a long time. It is a kind of mechanism that supports Mandatory Access Control security policies, which were initially developed by the US National Security Agency and later released in the public domain to protect computer systems from malicious intrusion and tampering.
Not many System Administrators use SELinux. Commonly, people are reluctant to learn about SELinux and just disable it directly. However, a properly configured SELinux system can reduce the security risks to a great extent.
SELinux implements Mandatory Access Control (MAC), which works on top of already available Discretionary Access Control (DAC) on CentOS 7. DAC is the traditional security model that we have on Linux systems where we have three entities: User, Group, and Others who can have a combination of read, write, and execute permission for files and directories. By...
