-
September 10th, 2006, 07:20 AM
#1
Banned
NSA linux
I was having a look around the NSA site (as you do), and saw that they have their own linux distro!
http://www.nsa.gov/selinux/index.cfm
Has anyone seen or used this before? Would be interesting to have a look at, if you're into being spied on :-0
-
September 10th, 2006, 05:57 PM
#2
It's actually not a distro:
Security-enhanced Linux is a research prototype of the Linux® kernel and a number of utilities with enhanced security functionality designed simply to demonstrate the value of mandatory access controls to the Linux community and how such controls could be added to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security.
-
October 3rd, 2006, 08:25 PM
#3
Re: NSA linux
Originally posted here by lj_308
I was having a look around the NSA site (as you do), and saw that they have their own linux distro!
http://www.nsa.gov/selinux/index.cfm
Has anyone seen or used this before? Would be interesting to have a look at, if you're into being spied on :-0
The NSA has contributed more to the world of Information Assurance than almost any other entity that I can name. There is nothing malicious contained within SELinux.
All it is is a half-assed reference monitor and a mandatory access control scheme. Not to mention a configuration nightmare if my memory serves me correctly. (Alcohol may have contributed to my difficulties, however.)
Real security doesn't come with an installer.
-
October 3rd, 2006, 08:26 PM
#4
FYI, if you are just getting into this sort of thing, you may want to start with something simpler, like POSIX ACLs, etc.
-
October 3rd, 2006, 11:54 PM
#5
It's been around for a while now.
If you are really worried about linux security, use slackware, chroot services, only run required services, compile the latest 2.6 kernel, and use iptables to block everything to the server except for the required ports.
In other words, don't do a full install and leave everything running. Lots of people tell me they know linux, but can't do anything without x windows.
Slackware will force you to learn linux. Instead of running a pre-made failsafe script, you have to actually figure out how to do things yourself. The directory structure is a little different from some of the mainline distros, but you'll get used to it.
-
October 3rd, 2006, 11:59 PM
#6
Originally posted here by caveman8fb
It's been around for a while now.
If you are really worried about linux security, use slackware, chroot services, only run required services, compile the latest 2.6 kernel, and use iptables to block everything to the server except for the required ports.
I believe it has been shown many times here that chrooting is not a security tool, but an administration tool.
Also, instead of relying on a firewall, why not just eliminate all but the required services?
Lastly... When you recompile your 2.6 kernel, make sure to enable POSIX ACLs, extended ext2 yadda yadda... You get the idea. Whatever is appropriate for your situation.
In other words, don't do a full install and leave everything running. Lots of people tell me they know linux, but can't do anything without x windows.
Slackware will force you to learn linux. Instead of running a pre-made failsafe script, you have to actually figure out how to do things yourself. The directory structure is a little different from some of the mainline distros, but you'll get used to it.