Manualshelf

User guide

ManualsBrandsRed Hat ManualsOtherENTERPRISE LINUX 4 - SELINUX GUIDE
11121314151617181920
SELinux
3
system administrators, developers, and engineers to ensure 24x7 reliability of their systems, services,
and information. Falling victim to malicious users, processes, or coordinated attacks is a direct threat
to the success of the organization.
Unfortunately, system and network security can be a difficult proposition, requiring an intricate
knowledge of how an organization regards, uses, manipulates, and transmits its information.
Understanding the way an organization (and the people that make up the organization) conducts
business is paramount to implementing a proper security plan.
1.1.1.3. Standardizing Security
Enterprises in every industry rely on regulations and rules that are set by standards-making bodies
such as the American Medical Association (AMA) or the Institute of Electrical and Electronics
Engineers (IEEE). The same ideals hold true for information security. Many security consultants
and vendors agree upon the standard security model known as CIA, or Confidentiality, Integrity, and
Availability. This three-tiered model is a generally accepted component to assessing risks of sensitive
information and establishing security policy. The following describes the CIA model in further detail:
Confidentiality — Sensitive information must be available only to a set of pre-defined individuals.
Unauthorized transmission and usage of information should be restricted. For example,
confidentiality of information ensures that a customer's personal or financial information is not
obtained by an unauthorized individual for malicious purposes such as identity theft or credit fraud.
Integrity — Information should not be altered in ways that render it incomplete or incorrect.
Unauthorized users should be restricted from the ability to modify or destroy sensitive information.
Availability — Information should be accessible to authorized users any time that it is needed.
Availability is a warranty that information can be obtained with an agreed-upon frequency and
timeliness. This is often measured in terms of percentages and agreed to formally in Service Level
Agreements (SLAs) used by network service providers and their enterprise clients.
1.1.2. SELinux
Red Hat Enterprise Linux includes an enhancement to the Linux kernel called SELinux, which
implements a Mandatory Access Control (MAC) architecture that provides a fine-grained level of
control over files, processes, users and applications in the system. Detailed discussion of SELinux
is beyond the scope of this document; however, for more information on SELinux and its use in Red
Hat Enterprise Linux, refer to the Red Hat Enterprise Linux SELinux User Guide. For more information
on configuring and running services that are protected by SELinux, refer to the SELinux Managing
Confined Services Guide. Other available resources for SELinux are listed in Chapter 8, References.
1.1.3. Security Controls
Computer security is often divided into three distinct master categories, commonly referred to as
controls:
Physical
Technical
Administrative
These three broad categories define the main objectives of proper security implementation. Within
these controls are sub-categories that further detail the controls and how to implement them.