Security-Enhanced Linux (SELinux), introduced in Red Hat Enterprise Linux 4, has a strong access control architecture incorporated into the major subsystems of the Linux kernel. Developed by the National Security Agency as a research prototype, SELinux provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. Because it addresses the threats of tampering with and bypassing application security mechanisms, SELinux confines the damage that malicious or flawed applications can cause. This allows the Linux operating platform to support stronger levels of security.
Red Hat concurs with security experts that a secure operating system is the cornerstone for system security and information assurance. Furthermore, Red Hat believes that SELinux can provide a best practices approach for transparent, universal system security and information assurance.
Protects Key Applications
Many applications are designed in such a way that they need to run as root, giving the application more access than is required. In a traditional system, an attacker who manages to compromise such an application could attain a root shell. From there, the attacker can access password files or install spam-forwarding software. If a firewall exists on the server, the attacker could alter the firewall rules to open even more access to an organization's internal network.
With SELinux, the attacker is limited by the access allowed for the application. The rules are defined by the system or the application, not individual users. For example, if an attacker were able to compromise a web server and attain a root shell, he or she could only perform the functions available to the web server, such as reading files from a specified directory or running scripts in another directory. The attacker would be prevented from seeing anything outside of those areas, greatly limiting the potential for damage.
No Added Administration
In a default installation of Red Hat Enterprise Linux, SELinux plugs into the Linux Security Module (LSM) to handle access requests at the kernel level for multiple common network-facing applications. The SELinux-based security for these applications requires no extra administration and is transparent to users and applications.
Integrated into Mainstream Operating System
SELinux is provided as a feature within Red Hat Enterprise Linux, rather than as a separate product. This is a key advantage for customers, who can deploy SELinux and maintain the full ISV support available to Red Hat Enterprise Linux.
Additional SELinux Functionality
For customers interested in an even greater level of security, the functionality of SELinux can be extended. Policies can be written for additional applications, or a 'strict' environment can be deployed where mandatory access controls protect all resources on the system. For assistance in enabling advanced security functions, contact Red Hat Professional Services.
Try SELinux Today
SELinux functionality is currently available in Red Hat Enterprise Linux 4.