Cybersecurity has become essential today and therefore, you should know some common security infrastructures used on modern web servers and personal computers. If you are a Linux user, you should know about SELinux.
SELinux is the Linux kernel security module that provides access control security policies along with mandatory access controls (MAC). SELinux includes a set of kernel modifications and user tools, and is offered with most Linux-based machines used today.
What is SELinux?
SELinux is an abbreviation for Security-Enhanced Linux. It comprises of a series of security patches to the Linux kernel that order access controls for several services and applications. Depending on projects developed by the National Security Agency, SELinux has instantly become essential in the world of open-source cybersecurity.
SELinux helps in improving the Linux system security by providing restricted privileges and reducing the overall harm that can be caused to the entire system by a given application. Before you learning about the working of SELinux, let’s first explore the concept of correctness.
Correctness is a term used in computer science for describing the closeness of a given program’s performance as compared to the expected results based on the system specifications. For example, if there an application that helps in opening up an image file can be said to have a right level of correctness, if it successful in opening up the image file as expected. This concept is significantly applicable to any program, function, or application used in a computer system.
When there is no SELinux on a system, its security depends on the correctness of the kernel along with that of any privileged applications and their respective configurations. If there are any faults within these areas, the complete system can get compromised. Therefore, it isn’t recommended to have a Linux kernel without any sort of security, particularly for devices connected to the internet.
Systems with SELinux depend on the correctness of the kernel as well as that of the security-policy configuration. With this it is ensured that though there are errors in correctness or configuration they many compromise the application and not the entire system. Also, other applications will continue to function normally. Additionally, a catalogued security policy is offered by SELinux that secures the spread of compromised applications and other security vulnerabilities.
How Does SELinux Works?
In order to help SELinux work, it is important for the system to first assign labels, also known as context to various functions. A text string is assigned for users and processes and includes a username, a role, and a domain. Generally, the domain name is the only portion used to find out access controls. There is also a content for files, network ports, and hardware within SELinux and are assigned a name, a role, and a type.
When the files are mapped to a security context it is referred to as labelling and is done based on the policy file being used. A policy file includes three files: a mapping file, a rule file and an interface file. It is important to compile these three files into a single policy file with the SELinux toolset and load into the system kernel to make it an active policy. You can create the policy files manually or with the SELinux management tool. After the loading of the policy file into the system kernel, your system gets secured.
You will get SELinux pre-configured by default on most modern Linux operating systems such as Debian, Ubuntu, or CentOS. Many times, users don’t know that SELinux is working behind-the-scenes to secure their system. Due to the reliable and unobtrusive nature of SELinux , it has become an essential part of any modern Linux system.
SELinux Commands
Using a command-line interface, you can interact with SELinux on your machine to run simple commands that allow you to check and modify the status of the SELinux security module. Below are a few examples of commonly used SELinux commands:
For checking current status of SELinux, run the below command:
getenforce
To obtain a detailed status report, use the below command:
sestatus
For modifying the enforcement policy for SELinux, use the setenforce command. For set SELinux to enforce security policies, use the below command:
setenforce enforcing
If you want to make changes to your system that need a more permissive security policy, use the below command:
setenforce permissive
From the above examples, you can easily manage SELinux from the command-line, allowing users to obtain and modify the status of security policy enforcement in a quick way. By learning about SELinux and related commands, you can manage the security of your Linux-based server or personal computer in a better way.