Eine Einführung in SELinux

Winkler, Marcus

25 January 2007

SELinux ist eine Erweiterung für das Betriebssystem Linux, deren Einsatz eine Erhöhung der Systemsicherheit verspricht. Dieses Tutorial stellt einige der Grundlagen und Mechanismen von SELinux vor. Es gibt einen Einblick in Nutzung und Konfiguration. / SELinux is an extension to the Linux operating system. It promises an increase in system security. This tutorial introduces some of the principles and mechanisms of SELinux. It provides insight into its usage and configuration.

info:eu-repo/classification/ddc/000

ddc:000

Computersicherheit

LINUX

SELinux

mandatory access control

security

Bezpečnostní politiky SELinuxu pro vybrané aplikace prostředí KDE / SELinux security policies for chosen applications of KDE desktop environment

Vadinský, Ondřej

January 2011

This thesis deals with technologies of SELinux security policy writing. Furthermore the thesis analyzes userspace of GNU/Linux operating system with special focus on KDE desktop environment. On the basis of this analysis a bottom-up methodics to create a security policy is devised. Acquired knowledge is then used in practice when realizing the main goal of the thesis, which is to create example security policies for chosen KDE applications. When describing technologies of security policy writing the thesis draws information from available sources of information. Input for userspace analysis are available electronic sources of information and author's own experience with analyzed applications. This is used with common philosophic principles to devise bottom-up methodics of policy writting. Following act of policy building draws from defined security goals, acquired knowledge, created methodics and defined usecases. Theoretical contribution of the thesis is devised methodics of userspace policy building. Main practical contribution are then created example SELinux policies for chosen KDE applications. The structure of the thesis follows its goals. For them three parts are created: background research of available resources, author's own theoretical contemplations and practical output of the thesis. Those parts are then devided into sections according to needs of each topic.

Aplikace pro zabezpečení Linuxového serveru pomocí technologie SELinux / SELinux application for Linux server security

Jirka, Michal

January 2008

This work is engaged in access control mechanism in GNU/Linux operating systems. At first discretionary and mandatory access control are compared and examine basic technologies based on mandatory access control. More closely is focused on project SELinux, whose generation of new rules is explained. Within the thesis is made application for logging evaluation and for writing new Type Enforcement rules.

MAC řízení přístupu / Mandatory access control

Grepl, Miroslav

January 2008

This master's thesis describes the problems of SELinux, and the methods of creation of a proper security policy with a focus on the SELinux reference policy and its mechanisms. It designs the methodics of formulation of specific security rules, supplemented with the practical example of its application. Furthermore, it describes the available security rules commonly used for http, ftp and ssh services securing, their modification and practical utilization. According to the proposed methodology, these services are protected with their own security rules and both security methods are mutually compared and evaluated.