Open Source

Tech Tip: Consider implementing Security-Enhanced Linux

Implementing SELinux will allow you to enforce mandatory access controls, confining user programs to the least privilege required for their operation.

By Mike Mullins

First released to the public in January 2001, Security-Enhanced Linux (SELinux) is a research project from the National Security Agency (NSA) that seeks to enhance the open source Linux kernel to provide greater protection against corruption, prevent the bypassing of application security procedures, and mitigate the destruction caused by malicious or defective applications.

Normal Linux vs. SELinux

Normal Linux system security relies on the kernel and the dependencies created through the setuid/setgid binaries. Under the conventional security mechanism, an exploit of a flaw with any privileged application, configuration, or process running usually leads to a total system compromise. This problem is consistent with most modern operating systems due to their complexity and interoperability with other applications.

SELinux relies solely on the kernel and the security configuration policy. Once you configure the security system correctly, improper application configuration or exploits of flawed applications and daemons will only result in compromising the user program and its system daemons. The security of other user programs and daemons remains intact, along with the underlying security system structure.

In simpler terms: No single application configuration flaw or exploit can result in a total system compromise.

Installing SELinux

The SELinux kernel, utilities, daemon/utility patches, and documentation are available for download from the Security-Enhanced Linux Web site. You must have an existing Linux system to compile your new kernel and access to unmodified system packages.

Developers have tested the current release with the Red Hat Linux distribution. The binaries are compatible with current Linux applications and include system calls for applications that are security-aware.

In addition, you can compile the kernel to run in a permissive mode. This mode allows auditing of the security configuration policies to determine the required permissions for installed user applications and system operation. You can change the permissive mode of operation to enforcement at any time without rebuilding the system.

Why should you run SELinux?

The best reason to implement SELinux is to enforce mandatory access controls to confine user programs to the least privilege required for their operation.

Other noticeable improvements include:

  • Access control for kernel objects and services
  • Access control over process initialization, inheritance, and program execution
  • Access control over file systems, directories, files, and open file descriptions
  • Access control over sockets, messages, and network interfaces

Final thoughts

SELinux alleviates the constant requirement to update every user and system application to prevent a system compromise. You can now apply patches and updates when it's convenient to your schedule.

Because SELinux is still a development project, the NSA does not recommend it for use on systems that contain or protect sensitive information. However, I've run SELinux during the last year, and I've experienced no system compromises.

Test it out and judge for yourself. It's free, and it works!

Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.

Editor's Picks

Free Newsletters, In your Inbox