3.3 Linux Distributions Supporting SELinux
Currently only Fedora Core supports SELinux by providing it as an
integral component that is installed without special effort on the
part of the installing user. However, Red Hat has announced that Red
Hat Enterprise Linux 4 (RHEL 4) will support SELinux. The RHEL 4
implementation of SELinux is expected to closely resemble the one in
Fedora Core 2.
3.3.1 Fedora Core 2
Fedora Core is a Linux distribution sponsored, but not supported, by
Red Hat that uses the distribution as a test bed for new technologies
being considered for incorporation in Red Hat's supported
distributions, such as Red Hat Enterprise Linux. Fedora Core is freely
available at http://fedora.redhat.com. Unlike Red Hat Enterprise
Linux, which contains proprietary components, Fedora Core is fully
redistributable under the terms of the GNU GPL.

Fedora Core 2 presents the most convenient implementation of SELinux
available to date. To install SELinux, you must respond selinux to the
boot prompt that appears after booting from the installation
media.[1] During the installation procedure, the Firewalls screen (see
Figure 3-1) provides the user with the opportunity to choose from
three levels of SELinux support:

Disabled
Disables SELinux.
Warn
Enables SELinux to log, but not prevent, attempted violations of the SELinux policy.
Active
Enables SELinux to fully enforce its policy.

[1] Fedora Core 2 test versions do not require you to use this special
boot option.

Figure 3-1. The Fedora Core firewalls screen

the mode specified during installation; no further configuration is
necessary. Of course, the system administrator can reconfigure the
system to operate in a different SELinux mode by modifying the boot
configuration (/boot/grub/grub.conf) or the SELinux configuration
(/etc/sysconfig/selinux), either manually or by using the GUI Security
Level tool.

Moreover, the RPM package manager included in Fedora Core is
SELinux-aware. It automatically labels files and directories when new
packages are installed. Thus, running SELinux under Fedora Core may
involve relatively little ongoing administration.

The default SELinux policy implemented by Fedora Core is termed a
"relaxed policy," meaning that it seeks to protect potentially
vulnerable services and daemons without strictly imposing the
principle of least privilege on every user action. Thus, the policy
represents a compromise between ease of use and security that is
appropriate for many users. The system administrator, of course, is
free to tailor the SELinux policy to better suit local needs. In
particular, the system administrator may find it necessary to do so if
the system hosts binaries other than those distributed as part of
Fedora Core, or if the system administrator wants to restrict the
privileges available to scripts such as cron jobs. Chapter 5 and
Chapter 8 of this book explain the procedures for doing so.
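
Because the mode can be set in both the boot configuration and /etc/sysconfig/selinux, an audit has to read both to know what the next boot will do. The following sketch is an added example, not from the book: the function name selinux_boot_mode, the SELINUX= key, the selinux= and enforcing= kernel arguments, and the precedence between them are assumptions not stated on this page.

```shell
#!/bin/sh
# Added example (not from the book): predict the SELinux mode after reboot.
# Assumed names: SELINUX= in the config file; selinux= and enforcing= on the
# kernel line. Installer labels: Disabled=disabled, Warn=permissive,
# Active=enforcing.
selinux_boot_mode() {
    cfg_file=$1   # e.g. /etc/sysconfig/selinux
    cmdline=$2    # kernel arguments from the grub.conf entry
    mode=""
    # The last uncommented SELINUX= line in the file wins.
    if [ -r "$cfg_file" ]; then
        mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
            "$cfg_file" | tail -n 1 | tr 'A-Z' 'a-z')
    fi
    case $mode in
        enforcing|permissive|disabled) ;;
        *) mode=unknown ;;   # missing or misspelled value: flag for review
    esac
    # Assumed precedence: kernel arguments override the file, except that a
    # file-level "disabled" is not re-enabled by enforcing=1.
    for arg in $cmdline; do
        case $arg in
            selinux=0)   mode=disabled; break ;;
            enforcing=0) [ "$mode" = disabled ] || mode=permissive ;;
            enforcing=1) [ "$mode" = disabled ] || mode=enforcing ;;
        esac
    done
    printf '%s\n' "$mode"
}

# Constructed sample input, not taken from a real host.
demo_cfg=$(mktemp)
printf '# constructed sample\nSELINUX=enforcing\n' > "$demo_cfg"
selinux_boot_mode "$demo_cfg" "ro root=LABEL=/ rhgb quiet enforcing=0"
rm -f "$demo_cfg"
```

In the sample, the file requests full enforcement but the boot entry downgrades the host to the Warn level, which is the mismatch a review of only one of the two files would miss.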