Linked by Amjith Ramanujam on Thu 24th Jul 2008 15:59 UTC, submitted by Rahul
Privacy, Security, Encryption
NSA takes its Flask architecture to the open-source community to offer an inexpensive route to trusted systems. "What it really helps out with is something called zero-day exploits," said Daniel Walsh, a principal software engineer at Red Hat and leader of the company's SELinux team. "If you have a bug in your software that allows a machine to be taken over, SELinux [provides] another layer of controls to make sure that application only does what it was designed to do. SELinux is your last line of defense."
Last line of defense?
by umccullough (3.68) on Thu 24th Jul 2008 18:03 UTC
umccullough
Member since:
2006-01-26
Fans: 24

Mine is the power button ;)

ahah
by antik (0.64) on Thu 24th Jul 2008 18:16 UTC
RE: ahah
by ichi (3.04) on Thu 24th Jul 2008 19:28 UTC in reply to "ahah"
ichi Member since:
2007-03-06
Fans: 1

"And what do most (all?) wannabe system administrators do? THEY TURN SELINUX OFF!"


SELinux or not, I would certainly not hire a "wannabe system administrator" nor trust his security decisions.

I wouldn't trust anything from the NSA...
by madcrow (2.56) on Thu 24th Jul 2008 21:07 UTC
DrillSgt Member since:
2005-12-02
Fans: 0

"...until every single line of code had been independently verified to not provide a back door for the NSA to spy on the data. While the FBI and CIA have done their share of foul stuff, the NSA probably takes the cake in terms of sheer evilness over the last 10 years or so."

Help yourself. SELinux is under the GPL and the code is available.

RHEL & Fedora
by RHCE07 (1.68) on Sat 26th Jul 2008 15:17 UTC
RHCE07
Member since:
2007-12-08
Fans: 0

In RHEL and Fedora, SELinux is 'on' by default. If you leave it on and you are setting up a machine, server, or laptop, you can use this command:

setenforce 0 to set it to permissive so you can install the packages or updates...

When you are finished customizing your machine:
setenforce 1 to turn it back to enforcing mode; no reboot is required.

You can reference another directory with the same SELinux context with chcon --reference /var/www/html /var/www/mywebstuff

It is another area that is amazing in what it can do; it takes a lot of practice, studying and understanding to administer it in the correct manner.
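
A label check for the chcon --reference step in the comment above, as an added example that is not part of the original post: it reports which paths carry a different SELinux type than the reference directory. The function names and the sample contexts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original comment). Contexts are constructed sample
# data in "context path" form; on a live system `stat -c '%C %n' PATH...` prints
# the same layout.

# Print the type field (third of user:role:type[:level]) of a context string.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# mislabeled_paths REF_CONTEXT
# Reads "context path" lines on stdin and prints every path whose type differs
# from the reference, i.e. the paths `chcon --reference` would actually change.
mislabeled_paths() {
    ref_type=$(selinux_type "$1")
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        if [ "$(selinux_type "$ctx")" != "$ref_type" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Constructed sample: index.html was moved from a home directory and kept its label.
REF_CONTEXT='system_u:object_r:httpd_sys_content_t:s0'   # /var/www/html
SAMPLE_LABELS='unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/mywebstuff
unconfined_u:object_r:user_home_t:s0 /var/www/mywebstuff/index.html
unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/mywebstuff/style.css'

printf '%s\n' "$SAMPLE_LABELS" | mislabeled_paths "$REF_CONTEXT"
```

Labels set with chcon do not survive a filesystem relabel; a persistent rule is added with semanage fcontext and applied with restorecon.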