+3 votes
248 views
in Security by (242k points)
reopened
What is SELinux?

1 Answer

+4 votes
by (1.6m points)
edited
 
Best answer

What does Security-Enhanced mean?
Strictly control access to the operating system
How are access rights restricted with SELinux?
SELinux Advantages and Disadvantages
How did SELinux come about?

image

What is SELinux?

SELinux is the acronym for Security-Enhanced Linux (in Spanish, Linux with enhanced security ). Linux is basically an operating system like Windows, Android or iOS, with the difference that it is not developed by a single company, since the software was designed as an open source project from the beginning. The source code for the Linux kernel , also called the Linux kernel , is available to all developers for both non-profit and commercial purposes. Based on the Linux kernel, various versions of the operating system have been developed, commonly known as distributions . Some of the most famous Linux distributions are Ubuntu, Debian, and Fedora..

Index
  1. What does Security-Enhanced mean?
  2. Strictly control access to the operating system
  3. How are access rights restricted with SELinux?
  4. SELinux Advantages and Disadvantages
  5. How did SELinux come about?

What does Security-Enhanced mean?

The Linux kernel source code is constantly being developed by companies, volunteers, and non-profit organizations. Security-Enhanced Linux (in Spanish, Linux with enhanced security ) is one of these extensions of the Linux kernel and is available as a security module. SELinux has been an official component of the Linux kernel since 2003. Some Linux distributions include SELinux out of the box, although this module can be easily disabled. SELinux helps administrators to control all system processes strictly, blocking those that are not considered necessary. In this way, SELinux greatly reduces the risk posed by security breaches in user programs.

In general, it is a good idea to restrict the access rights of all programs, even when they are trusted. In this way, if an application is hijacked by a third party, the damage done can be greatly reduced. On the other hand, if a program infected by malware can access all the processes and files of the system, the danger may be greater. SELinux limits access and therefore also the extent of possible damage..

Strictly control access to the operating system

SELinux offers a special security architecture based on the principles of Mandatory Access Control (or MAC ). Unlike the conventional Linux kernel, SELinux minimizes access to operating system files and processes. Through strict access control methods and the corresponding security measures, the module aims to guarantee the confidentiality and integrity of the data . Also, with SELinux, the operating system and user programs are clearly delimited.

How are access rights restricted with SELinux?

The conventional system uses Linux discretionary access control (DAC, of the English discretionary access control ) to control access. Typically, with this type of control, all users or applications with appropriate rights can unrestricted access to files and processes in the operating system. In contrast, with the mandatory access control (MAC) used by SELinux, the administrator can define the security measures with precision and establish additional attributes that indicate under what conditions and in which situations a rights holder can access certain processes or operating system files. If these conditions or relationships (that is, attributes) are not met, access is denied..

In SELinux several tags are used to regulate access:

  • User
  • Role
  • Type
  • Level

These labels can be assigned to any process or file and then incorporated into the established measures. For example, an application might only be able to access folders that have a specific label. The revision of the measures is known as enforcement in SELinux .

SELinux Advantages and Disadvantages

SELinux makes it difficult or prevents the misuse of user rights, such as can occur when a problem presents security breaches, thus protecting the integrity of the operating system. Linux distributors offer the SELinux module with different policy packages and corresponding security measures, making it easy to configure the security layer. Additionally, authorized administrators can customize security measures .

As we have seen, SELinux allows administrators to control system processes much better. However, when it comes to helping solve problems, the program falls a bit short. For example, when blocking an access attempt, SELinux issues an error message that can be very imprecise and that provides little information to quickly solve the problem in question. Furthermore, SELinux is a relatively complex module. For many administrators, managing security measures and setting attributes is too complicated or requires too much effort . Also note that SELinux slightly reduces operating system performance.

In summary

SELinux is a very effective tool for ensuring security, but it also requires hours of work: this software is only useful if the user is not afraid to face the complexity of the configuration. If the system is configured only half, the potential benefits are reduced to zero. In any case, it is recommended to use it in professional environments where you work with confidential data.

How did SELinux come about?

SELinux was developed primarily by the US intelligence agency NSA and Linux distributor Red Hat . Linux 4, from Red Hat Enterprise, and Fedora, the Red Hat-compatible Linux distribution, were the first fully SELinux-compliant operating systems. In addition to Red Hat and Fedora, Gentoo Hardened Linux also supports SELinux, at least relatively. An alternative to SELinux is the AppArmor security module, mostly compatible with distributions such as openSUSE or with Debian-based platforms.


...