SELinux
Marc M
linuxr at gmail.com
Tue Aug 23 00:11:05 UTC 2005
Basically the way it works is that there are policies that can override
standard UNIX type permissions so that you can lock down the entire OS from
runaway processes, hackers, and whatever bad code is out there. It used to
be that bad code was allowed to run like a madman through your UNIX machine,
turning /tmp to world readable/writable and there was nothing you could do
about it. There are 3 modes whereby you can either make it block a lot of
stuff, only log what it would've blocked (but yet allow it through), or
disable it completely. Also there is strict vs. targeted policy. Targeted is
gonna be your drug of choice more than likely. Strict would be for say a
high volume web server that only runs apache and you are going to turn
every_single_other_thing_off. I would stay away from strict until you get
the basics down.
I just compiled a bunch of links at forensiclug.com
<http://forensiclug.com>if you want more info.
Good luck
Marc
On 8/22/05, BRUCE STANLEY <bruce.stanley at prodigy.net> wrote:
>
>
>
> --- Chris Wright <linux-list at cwic-solutions.co.uk> wrote:
>
> >
> >
> > > -----Original Message-----
> > > From: fedora-list-bounces at redhat.com
> > > [mailto:fedora-list-bounces at redhat.com] On Behalf Of yote l
> > > Sent: Monday, August 22, 2005 10:33 AM
> > > To: fedora-list at redhat.com
> > > Subject: SELinux
> > >
> > > How does it work ?
> > >
> >
> > 42
> >
> > --
> ....Dave...My mind is going....daisy...daisy....
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050822/a77eb67c/attachment-0001.htm>
More information about the fedora-list
mailing list