Results 1 to 7 of 7

Thread: NSA linux

  1. #1

    NSA linux

    I was having a look around the NSA site (as you do), and saw that they have their own linux distro!

    http://www.nsa.gov/selinux/index.cfm

    Has anyone seen or used this before? Would be interesting to have a look at, if your into being spied on :-0

  2. #2
    It's actually not a distro:

    Security-enhanced Linux is a research prototype of the Linux® kernel and a number of utilities with enhanced security functionality designed simply to demonstrate the value of mandatory access controls to the Linux community and how such controls could be added to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security.

  3. #3
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705

    Re: NSA linux

    Originally posted here by lj_308
    I was having a look around the NSA site (as you do), and saw that they have their own linux distro!

    http://www.nsa.gov/selinux/index.cfm

    Has anyone seen or used this before? Would be interesting to have a look at, if your into being spied on :-0
    The NSA has contributed more to the world of Information Assurance than almost any other entity that I can name. There is nothing malicious contained within SELinux.

    All it is is a half-assed reference monitor and a mandatory access control scheme. Not to mention a configuration nightmare if my memory serves me correctly. (Alcohol may have contributed to my difficulties, however.)
    Real security doesn't come with an installer.

  4. #4
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    FYI, if you are just getting into this sort of thing, you may want to start with something simpler, like POSIX ACLs, etc.
    Real security doesn't come with an installer.

  5. #5
    Its been around for awhile now.

    If you are really worried about linux security, use slackware, chroot services, only run required services, compile the latest 2.6 kernal, and use iptables to block everything to the server except for the required ports.

    In other words, don't do a full install and leave everything running. Lots of people tell me they know linux, but can't do anything without x windows.

    Slackware will force you to learn linux. Instead of running a pre-made failsafe script, you have to actually figure out how to do things yourself. The directory structure is a little different from some of the mainline distros, but you'll get used to it.

  6. #6
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    Originally posted here by caveman8fb
    Its been around for awhile now.

    If you are really worried about linux security, use slackware, chroot services, only run required services, compile the latest 2.6 kernal, and use iptables to block everything to the server except for the required ports.
    I believe it has been shown many times here that chrooting is not a security tool, but an administration tool.

    Also, instead of relying on a firewall, why not just eliminate all but the required services?

    Lastly... When you recompile your 2.6 kernel, make sure to enable POSIX ACLs, extended ext2 yadda yadda... You get the idea. Whatever is apropriate for your situation.

    In other words, don't do a full install and leave everything running. Lots of people tell me they know linux, but can't do anything without x windows.

    Slackware will force you to learn linux. Instead of running a pre-made failsafe script, you have to actually figure out how to do things yourself. The directory structure is a little different from some of the mainline distros, but you'll get used to it.
    Real security doesn't come with an installer.

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    Hell, don't forget OpenBSD.

    Yes I know its not a Linux distro, but it is my favorite BSD varient.
    ...This Space For Rent.

    -[WebCarnage]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •