Setting up SELinux Lab
Originally developed by National Security Agency NSA then later Redhat. SELinux represents one of several possible approaches to the problem of restricting the actions that installed software can take inside Linux or connected through Unix based operating systems.The SELinux removed the concept of superuser and enforced security through implementing true Mandatory Access Control policies and security.
In this post we will look in to demonstrate how to setup and install SELinux server. Then later our lab will progress through the SELinux posts by explaining the use of SELinux in securing your environment. Let's get started.
All we need is a Linux Server based on CentOS 7 installed on our virtual-box software. To install CentOS7 in VirtualBox please check this page on step by step on how to install CentOS7 in Virtual Box.
Off course you can also chose to launch a Linux droplet server based on Digital Ocean server. We will need a basic install for CentOS 7.
SELinux is implemented to provide an additional layer of protection, increase the control over processes execution, and protects against exploits by using multi level security. SELinux works by using Labels and Type Enforcement as shown in the figure below.
Lets start by installing SELinux packages using the following command
yum install -y setroubleshoot attr policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans
Linux® is a registered trademark of Linus Torvalds in the United States and other countries. FreeBSD® is a registered trademark of the FreeBSD Foundation. Solaris™ is a trademark or registered trademark of Sun Microsystems, Inc. in the United States and other countries.