It-302 Linux Research 1 Essay

792 WordsJun 27, 20124 Pages
SELinux SELinux was developed by the United States National Security Agency. It was then released for open source development on December 22, 2000 and was merged into the main Linux kernel version 2.6.0-test3 on August 8, 2003. SELinux was designed to change the access control protocols for Linux users, to make them more secure and computer resources and applications less likely to be exploited. Prior to the development of SELinux, systems used a form of DAC, Discretionary Access Control. In this set up, placed all clients into three categories: user, group, and other. If an application or file were "exploited," it would allow the current user to access the file(s) or application at the highest permission allow, the owner of the file, or user. SELinux introduced two new ways to allow permissions to be determined by the client computer. The first of these is MAC, Mandatory Access Control. This new protocol introduce the principle of least privilege, which simply allows programs to use what resources they need to do the task at hand, and nothing else. An example from an article I found online: "if you have a program that responds to socket requests but doesn't need to access the file system, then that program should be able to listen on a given socket but not have access to the file system." The second protocol is RBAC, Role-based Access Control. In this protocol, "permissions are provided based on roles that are granted by the security system." From what I read of roles, they are like groups but not. Both groups and roles can house multiple users, but a role also houses the specific permissions given to those users. This allows the administrator to give much more precise permissions to what files and applications are accessible to the individual client. Overall, SELinux is designed to prevent people from exploiting some part of a file system or application

More about It-302 Linux Research 1 Essay

Open Document