Ask the Expert

Why use SEL (security-enhanced Linux)?

Why would I need SEL?

Requires Free Membership to View

SEL (security-enhanced Linux) offers much greater security for your Linux system than anything you can lock down without it. With SEL, essentially users are assigned predefined roles so that they can't access files or processes that they don't own.

First, the Unix permissions are checked. If they allow the operation, SEL checks it and either permits it or denies it based on the predefined roles that you have configured.

Let's go back to the purpose of SEL. It adds mandatory access controls (MAC) to Linux. It is designed for preventing bad programs from tampering with your data and comprising other security controls you might have on your system. These bad programs include both malicious applications and badly written code.

At the same time, SEL helps minimize the damage that can be done as the result of an intrusion. The trusted operating systems (referred to in Is SEL trustworthy?)(particularly ones that are labeled C2) certainly have a form of access controls, but were not really mainstream (not mandatory, accept for B1 and higher) and also offered a limited Mandatory Access Control (MAC) model.

SEL provides a very flexible and configurable MAC to Linux. It can help you enforce critical processing on your data and also to enforce various legal restrictions, including disclosure of sensitive data. If you are a part of an organization that is concerned about securing your data, it is incumbent upon you to determine how deploying SEL can help secure your environment. If you are mandated by government and/or other regulalatory agencies to secure your data, the importance of implementing SEL becomes that much greater.

This was first published in August 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: