Unlocking the Power of SELinux: A Comprehensive Guide
Security in the traditional view is to restrict users or files by allowing permission, as well as setting up a firewall to monitor a system’s network communications. Wouldn’t it be better if a system controlled or changed the access levels of software and files? What happens if a user misreads the SSH security key file?
SELinux is the brief of Security-Enhanced Linux which is a Linux improved with security. The US National Security Agency developed the kernel module on December 22, 2000, under the GPL license and aims to improve the overall security of the Linux operating system. The SELinux surveillance system is of the MAC type, which is the brief of mandatory access control.
In this system, the operating system monitors system access and imposes restrictions in cases where security is compromised.
Linux Access Levels
Administrators have no way to control users. Imagine a situation where a user can access sensitive system files such as the SSH key or folders that contain public access.
Processes can change access levels. A user’s email files should only be readable by him. But mail client software can give the public access to these files. Processes inherit the access levels of users running them. For example, an infected Internet browser can read a user’s confidential SSH key. However, there is no justification for this behavior.
The development of Selenium from version 2.6 of the Kernel was merged in 2003 into the work of the Linux core development team led by Linus Torvalds. SELinux is currently available by default in many Linux distributions. The first Linux distribution to use SELinux by default was RedHat version 4.
SELinux has three modes of operation.
- Enforcing
This is the default mode of Selinux and it is installed in the same model. In this case, SELinux security policies are applied to the system, unauthorized access is prohibited and activities are logged.
- Permissive
In this case, SELinux is active, but its policies are not binding, and it is only necessary to warn and record small activities. This mode is more suitable for troubleshooting and reviewing SELinux behavior.
- Disabled
In this case, SELinux is off. You can check the SELinux status on the system using the sestatus command. You can see the SELinux settings in the following file.
# /etc/selinux/config
By making a change in SELINUX=, you can determine the general state of SELinux from the moment of the boot. Also, when operating the operating system, you can change the working status of SELinux with the setenforce command. Options for setenforce are:
- Enforcing or 1 to put Enforcing in position.
- Permissive for troubleshooting.
- 0 to turn off.
To make the most of SELinux, you need to know how to manage it. Due to the lack of knowledge of server administrators in this area, they prefer to disable it, which is the easiest option. Of course, in rare cases, without creating a risk, you can disable it, which naturally requires the knowledge and high aristocracy of the server administrator.
Especially in Linux VPS service which has remote access and it can be infected easily, the SELinux service should be enabled.
In further tutorials, we will check how to modify and use SELinux completely.