The traditional Unix security model is simple and beautiful. For decades it has been good enough for most people. However, it is starting to show its age. In the highest security settings, a more fine grained control system is needed. In the past, this meant using expensive, complicated, special purpose versions of Unix: trusted systems. (Trusted Solaris, Trusted AIX, Trusted HP-UX) SELinux, created by the NSA, is the most mature and complete response to the need for Trusted Linux systems. Unfortunately, because of the difficulty creating and maintaining trusted systems, their success has been limited. This is no longer acceptable. Today, even desktop systems and cell phones need high quality security. Imagine being able to sandbox your Web browser and e-mail client. The traditional Unix model makes this difficult and only partially possible. SELinux, on the other hand, makes fine grained security available to everyone. When it first appeared, SELinux was hard to learn and mysterious to troubleshoot. As a result, many people fear it. However, SELinux and the tools to manage it have come a long way. It's time to lay fear aside. Stuart will teach what SELinux is, why it is great, basic troubleshooting and maintenance.
Go to this episode
HPR - Ep0371: Introduction to SELinux
No replies to this topic
BinRev is hosted by the great people at Lunarpages!