Security-Enhanced Linux (SELinux), introduced in Red Hat Enterprise Linux 4, has a strong access control architecture incorporated into the major subsystems of the Linux kernel. Developed by the National Security Agency as a research prototype, SELinux provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. Because it addresses the threats of tampering with and bypassing application security mechanisms, SELinux confines the damage that malicious or flawed applications can cause. This allows the Linux operating platform to support stronger levels of security.
Red Hat concurs with security experts that a secure operating system is the cornerstone for system security and information assurance. Furthermore, Red Hat believes that SELinux can provide a best practices approach for transparent, universal system security and information assurance.
Protects Key Applications
Many applications are designed in such a way that they need to run as root, giving the application more access than is required. In a traditional system, an attacker who manages to compromise such an application could attain a root shell. From there, the attacker can access password files or install spam-forwarding software. If a firewall exists on the server, the attacker could alter the firewall rules to open even more access to an organization's internal network.
With SELinux, the attacker is limited to the access allowed for the application. The rules are defined by the system or the application, not individual users. For example, if an attacker were able to compromise a web server and attain a root shell, he or she could perform only the functions available to the web server, such as reading files from a specified directory or running scripts in another directory. The attacker would be prevented from seeing anything outside of those areas, greatly limiting the potential for damage.
No Added Administration
In a default installation of Red Hat Enterprise Linux, SELinux plugs into the Linux Security Modules (LSM) framework to handle access requests at the kernel level for multiple common network-facing applications. The SELinux-based security for these applications requires no extra administration and is transparent to users and applications.
Integrated into Mainstream Operating System
SELinux is provided as a feature within Red Hat Enterprise Linux, rather than as a separate product. This is a key advantage for customers, who can deploy SELinux and maintain the full ISV support available to Red Hat Enterprise Linux.
Additional SELinux Functionality
For customers interested in an even greater level of security, the functionality of SELinux can be extended. Policies can be written for additional applications, or a 'strict' environment can be deployed where mandatory access controls protect all resources on the system. For assistance in enabling advanced security functions, contact Red Hat Professional Services.
Try SELinux Today
SELinux functionality is currently available in Red Hat Enterprise Linux 4.