Search results
Results from the WOW.Com Content Network
Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions .
At the 2001 Linux Kernel Summit, the NSA proposed that SELinux be included in Linux 2.5. [5] Linus Torvalds rejected SELinux at that time, because he observed that there are many different security projects in development, and since they all differ, the security community has not yet formed consensus on the ultimate security model.
The Openwall Project is a source for various software, including Openwall GNU/*/Linux (Owl), a security-enhanced Linux distribution designed for servers. Openwall patches and security extensions have been included into many major Linux distributions.
RSBAC is very close to Security-Enhanced Linux , as they share a lot more in their design than other access controls [citation needed] such as AppArmor. However, RSBAC brings its own hooking code instead of relying on the Linux Security Module . Due to this, RSBAC is technically a replacement for LSM itself, and implement modules that are ...
It used and extended the system capabilities bounding set to control the whole system and added some network and filesystem security features to the kernel to enhance the security. One could finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more. LIDS supported Linux kernel 2 ...
TOMOYO Linux is a lightweight MAC implementation for Linux and Embedded Linux, developed by NTT Data Corporation. It has been merged in Linux Kernel mainline version 2.6.30 in June 2009. [ 16 ] Differently from the label-based approach used by SELinux , TOMOYO Linux performs a pathname-based Mandatory Access Control, separating security domains ...
eBPF is a technology that can run programs in a privileged context such as the operating system kernel. [5] It is the successor to the Berkeley Packet Filter (BPF, with the "e" originally meaning "extended") filtering mechanism in Linux and is also used in non-networking parts of the Linux kernel as well.
Linux offers a wealth of mechanisms to reduce kernel attack surface and improve security which are collectively known as the Linux Security Modules (LSM). [304] They comprise the Security-Enhanced Linux (SELinux) module, whose code has been originally developed and then released to the public by the NSA , [ 305 ] and AppArmor [ 189 ] among others.