Preface

     

As a security researcher and author of computer books, I work hard to stay abreast of the latest technological developments. So, I'd been tracking Security Enhanced Linux (SELinux) on my technology radar for several years . But, frankly, it didn't seem to me easy enough, or robust enough, for dependable use by Linux system administrators.

About one year ago, SELinux seemed to grow up suddenly. I now believe that SELinux is the most important computing technology for Linux users that I've seen in the last several years. Obviously, others agree that SELinux is important and useful: SELinux has been incorporated into Fedora Core, Gentoo, and SUSE Linux. And by the time this book is in print, it's expected to be part of Red Hat Enterprise Linux.

Why the sudden popularity? In a nutshell , SELinux promises to change the way Linux users practice computer security from a reactive posture, based on applying patches intended to close published vulnerabilities, to a proactive posture that seeks to prevent even unpublished vulnerabilities from compromising systems. Properly configured and administered Linux systems already hold a well-deserved reputation for resistance to attack. SELinux significantly ups the ante on attackers and intruders by providing Linux system administrators with access to sophisticated security technology of a sort previously available only to administrators of high-security systems running expensive, military-grade operating systems.

Of course, as a good friend of mine ”who happens to be an economist ”is fond of saying, "There's no such thing as a free lunch ." Like other security technologies, SELinux must be properly installed, configured, and maintained if it is to be effective. This book will help you understand and intelligently use SELinux. Whether you prefer to use the sample SELinux security policies delivered as part of a Linux distribution or to implement your own customized policies, this book will show you the way.

One thing SELinux: NSA's Open Source Security Enhanced Linux doesn't do is explain how to write programs that use the SELinux API. I anticipate that this book will be useful to those who want to write such programs. But SELinux is designed for system administrators, not programmers, and therefore doesn't assume programming skills or expertise. Consequently, those interested in using the SELinux API will have to supplement the material presented in this book with information obtained from SELinux documentation and other sources.



SELinux. NSA's Open Source Security Enhanced Linux
Selinux: NSAs Open Source Security Enhanced Linux
ISBN: 0596007167
EAN: 2147483647
Year: 2003
Pages: 100
Authors: Bill McCarty

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net