Security-Enhanced Linux
SELinux ( Security-Enhanced Linux, German sicherheitsverbessertes Linux ) is an extension of the Linux kernel, which is the first attempt to translate the FLASK concept of the U.S. Secret Service NSA. It implements the access control to resources within the meaning of Mandatory Access Control. SELinux is governed by the NSA and from the Linux distributor Red Hat has developed. Companies such as Network Associates, Secure Computing Corporation, and Tresys are or were also involved in the work on SELinux, especially Tresys increasingly assuming responsibilities in the project.
SELinux is open source software and is composed of a kernel patch and numerous enhancements for system programs together. For setting the rules, there is a so-called policy which is currently published by Tresys. Most distributions provide specific SELinux policy packages for their programs that extend the policy to the respective program.
Integration into the Linux kernel
For kernel 2.4.x, there is a patch for kernel 2.6.x SELinux is integrated directly. The Fedora Linux distribution ( a Red Hat- sponsored project ) was the first distribution to mitliefert innately SELinux support. Fedora Core 3 and Red Hat Enterprise Linux 4 were delivered as the first distributions with full SELinux support. Meanwhile, it is also an integral part of CentOS, Hardened Gentoo and openSUSE. On Ubuntu and Debian this is installed subsequently via the package manager. The implementation for Slackware is still in progress. With the introduction of Android 4.3, based on the Linux kernel Androidkernel SELinux has also been extended officially. Previously the kernel extension, manufacturers such as HTC and Samsung in their smartphone models used by advanced security features to implement.
Tools
Apart from the official SELinux tools exist a number of useful tools that facilitate working with SELinux.
Setroubleshoot notified of a task icon on enforced restrictions of programs and, on request, additional information as well as possible solutions ready to fix the problem. SLIDE is an IDE for the development of policy that is published in the form of an Eclipse extension. The apol program is responsible for the analysis of policies.
Criticism
An SELinux is often criticized that it was far too complex to be managed by normal users can. This had the consequence that most users either configure such a system insecure or disable SELinux completely. With the promise to be more easily configurable, so Immunix has established itself as an alternative, the AppArmor tool.