Security Enhanced Linux (Selinux), Chroot Jail, and Iptables
Security Enhanced Linux (Selinux), Chroot Jail, and Iptables Three of the most important types of Linux security technologies are Security Enhanced Linux (SELinux), chroot jail, and iptables. This security measures aide in the subversion of theft and malicious activity. We will discuss these items in depth to address who created them and for what reason. Along with how these technologies changed the operating system to enforce security, and the types of threats that these security systems are design to eliminate. Security Enhanced Linux was released in December of 2000 from the National Security Agency (NSA), under the GNU general public license. SELinux is not a Linux distribution; it is a set of kernel modifications and tools that can be added to a variety of Linux distributions. SELinux is currently a part of Fedora Core, and it is supported by Red Hat. Incarnations of SELinux packages are also available for Debian, SuSe, and Gentoo. Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible Mandatory Access Control (MAC). The Chroot system call was introduced during the development of Version 7 Unix in 1979, and added by Bill Joy on 18 March 1982, a year and a half before 4.2BSD was released in order to test its installation and build system. A chroot on a UNIX based operating systems, like Linux, is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name or access files outside the designated directory tree. On a web server, it is very useful for the security of shared hosting accounts. Without a chroot jail a user with limited file permissions can navigate to the top level directories. Although that user does not have permission to make changes, they can invade the files and access information. An important use of chroot is...
Please join StudyMode to read the full document