SELinux For Dummies - LinuxFest Northwest 2013
Presentation by Gary Smith, Information System Security Officer, Molecular Science Computing, Pacific Northwest National Laboratory, Richland, WA.
In the beginning, the Unix file system's Discretionary Access Control (DAC) security model was simple and elegant. For decades, it was good enough for most situations but as as increasing security demands were put on DAC, it began to run out of steam.
Security Enhanced Linux (SELinux) was created by the National Security Agency (NSA) to be the most mature and complete response to the need for more secure Linux systems. Even though many distributions come with SELinux enabled by default, many system administrators disable SELinux out of fear their applications won't run. This is no longer acceptable.
Today everything from cell phones to super computers need high quality security. Imagine being able to sandbox applications such as your web browser, email client, or even a virtual machine. The traditional Linux security make this difficult or next to impossible. SELinux, however, makes this fine grain security available to everyone.
When it first arrived, SELinux seemed harder to learn and more mysterious than Quantum Mechanics. As a result, system administrators feared it. It's time to lay fear aside. SELinux for Dummies will show you what SELinux is, why it's a great addition to the security arsenal, and how to maintain and troubleshoot it.