Linux-Watch
      . . . keeping an eye on the penguin   
Home  |  News  |  Forum  |  Blogs  |  Videos  |  ITLink

Keywords: Match:
An easy way to deploy SELinux?
Jul. 11, 2006

The good thing about SELinux (Security-Enhanced Linux) is that it can really help you lock down a Linux system. The bad thing about SELinux is that it can be a real pain to put all those locks and chains in place in the first place.

To answer that, the SELinux Policy Editor (seedit) project has just released a new version of the program, seedit 2.0. If you've seen the earlier version, from Japan's Hitachi Software, you'll be pleased to know that almost everything about it has been changed, according to the project's Yuichi Nakamura.

SELinux originated as part of an NSA (National Security Agency) effort to create a truly secure operating system. An SELinux-based system has a strong, mandatory access control architecture built in from the code up. It also provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. In short, SELinux is designed to separate application security problems from the underlying operating system.

The program is made up of Simplified Policy and tools. A Simplified Policy, in turn, is an SELinux policy written in SPDL (Simplified Policy Description Language). This hides the details of SELinux configurations by using name-based configuration and reducing the number of permissions an administrator must worry about.

What's probably the most interesting part to server administrators, who want to learn yet another language like they want a hole in their head, is that the program also includes a simple integrated development environment GUI to generate SPDL and manage SELinux policies.

SUSE administrators, who look closely at the raw language, will recognize some of SPDL's syntax as coming from AppArmor, Novell's Linux security system.

Linux being Linux, you can, of course, also use command line tools or write scripts.

From the control panel, though, you can generate policies, read the audit log, create policy templates and edit SPDL code. You can do almost everything about SELinux from the control panel.

Today, the program supports Fedora Core 5 and CentOS 4.3. The developers also believe that it will work with Red Hat Enterprise Linux 4, but that has not been tested.


-- Steven J. Vaughan-Nichols


Do you have comments on this story?

Talkback here

NOTE: Please post your comments regarding our articles using the above link. Be sure to use this article's title as the "Subject" in your posts. Before you create a new thread, please check to see if a discussion thread is already running on the article you plan to comment on. Thanks!

(Click here for further information)

7 Advantages of D2D Backup
For decades, tape has been the backup medium of choice. But, now, disk-to-disk (D2D) backup is gaining in favor. Learn why you should make the move in this whitepaper.

4 Legal Reasons to Control Internet Access
The Internet is obviously a valuable resource for many organizations. However, many are exposed to legal liability concerns because they fail to control Internet access. Learn if you're safe in this white paper.

Rapidly Resolve J2EE Application Problems
Whether you are in the process of building J2EE applications or have J2EE applications already running in production, you must ensure that they deliver the expected ROI. Learn how in this white paper.

Load Testing 2.0 for Web 2.0
There are many unknowns in stress testing Web 2.0 applications. Find out how to test the performance of Web 2.0 in this white paper.

Build Better Games Online
For the game infrastructure providers, life is complex. Making money from games has become more complicated. Why? Find out in this white paper.

Building a Virtual Infrastructure from Servers to Storage
This white paper discusses the virtual storage solutions that reduce cost, increase storage utilization, and address the challenges of backing up and restoring Server environments.

Gaining Faster Wireless Connections with WiMAX
Welcome to what is quickly becoming the hyperconnected world where anything that would benefit from being connected to the network will be connected. Learn more in this white paper.

Is Your Desktop a Security Threat?
The new wave of sophisticated crimeware not only targets specific companies, but also targets desktops and laptops as backdoor entryways into those business’ operations and resources. Learn how to stay safe in this white paper.

Increasing SAN Reliability by 100 Percent
Storage area networks (SAN) are a strong part of storage plans. Learn how to increase your reliability and uptime by 100 percent in this case study.

 

Got a HOT tip?   please tell us!
ADVERTISEMENT
(Advertise here)
Also visit:
 • eWEEK's Linux center
• Dev Shed
  and, our 'evil twin'...
• Microsoft-Watch.com
Latest Linux-Watch Posts

• Wikipedia standardizes servers on Ubuntu
• RIP LinuxWorld
• Financial crisis may bode well for Linux
• Financial exchange joins Linux Foundation
• Linux Foundation courts individual members
• SGI frees up GL-related licensing
• OSCON 2008 presentations, videos posted
• Linux -- not yet photo-friendly
• Microsoft buys additional Linux support
• SFLC publishes GPL compliance guide
More Linux-Watch posts

DesktopLinux headlines:
• Mandriva 2009 debuts with KDE 4 desktop
• Debian Sid-based distro reviewed
• Miguel de Icaza on Mono 2.0
• RIP LinuxWorld
• Testers sought for Blackberry-Linux sync software
• Google updates photo editor for Linux
• Major Mono rev ships
• Intrepid Ibex beta-tests
• Linux netbook returns higher?
• Open-source image editing project launches
More DesktopLinux news
LinuxDevices headlines:
• First ALP Linux smartphone?
• First Atom-based nano-ITX board?
• New kernel boosts embedded
• First dual-monitor LTSP 5 set-up?
• Understanding Unix spells and curses
• Tools vendor touts low-cost Linux BSPs
• Debugger supports multi-core MIP64 chips
• Webinars tackle VxWorks-to-Linux ports
• Twin POS systems for Linux
• Mobile Firefox ready for download
More LinuxDevices news
Dev Shed Dev Shed
Powered By Dev Shed

Linux vs. Windows?
•  in the enterprise
•  in gadgets & devices
Linux conquers smartphones!

...read all about 'em

news feed
Home  |  News  |  Forum  |  About  |  Contact
 

Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
Tech RSS Feeds | White Papers | ROI Calculators | Tech Podcasts | Tech Video | VARs | Channel News

Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
eWEEK | Enterprise Network Security | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
Publish | Security IT Hub | Strategic Partner | Web Buyer's Guide | Windows for Devices

Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | igrep

Use of this site is governed by our Terms of Service and Privacy Policy. Except where otherwise specified, the contents of this site are copyright © 1999-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise is prohibited. Linux is a registered trademark of Linus Torvalds. All other marks are the property of their respective owners.