Installation guide

identity and authentication services enables local caching of identities, allowing users to still identify
in cases where the connection to the server is interrupted. SSSD supports many types of identity
and authentication services, including: Red Hat Directory Server, Active Directory, OpenLDAP, 389,
Kerberos and LDAP.
Further Reading
The Deployment Guide[20] contains a section that describes how to install and configure the
System Security Services Daemon (SSSD), and how to use the features that it provides.
8.2. Security-Enhanced Linux (SELinux)
Security-Enhanced Linux (SELinux) adds Mandatory Access Control (MAC) to the Linux kernel, and
is enabled by default in Red Hat Enterprise Linux 6. A general purpose MAC architecture needs the
ability to enforce an administratively-set security policy over all processes and files in the system,
basing decisions on labels containing a variety of security-relevant information.
8.2.1. Confined Users
Traditionally, SELinux is used to define and control how an application interacts with the system.
SELinux in Red Hat Enterprise Linux 6 introduces a set of policies that allows system administrators to
control what particular users can access on a system.
8.2.2. Sandbox
SELinux in Red Hat Enterprise Linux 6 features the new security sandbox feature. The security
sandbox adds a set of SELinux policies that enables a system administrator to run any application
within a tightly confined SELinux domain. Using the sandbox, system administrators can test the
processing of untrusted content without damaging the system.
8.2.3. X Access Control Extension (XACE)
The X Window System (commonly referred to as "X") provides the base framework for displaying the
graphical user interface (GUI) on Red Hat Enterprise Linux 6. This release features the new X Access
Control Extension (XACE), which permits SELinux to access decisions made within X, specifically,
controlling information flow between window objects.
8.3. Backup Passphrases for Encrypted Storage Devices
Red Hat Enterprise Linux provides the ability to encrypt the data on storage devices, assisting in the
prevention of unauthorized access of the data. Encryption is achieved by transforming the data into a
format that can only be read using a specific encryption key. This key — which is created during the
installation process, and protected by a passphrase — is the only way to decrypt the encrypted data.
[20] http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/chap-SSSD_User_Guide-Introduction.html