792 Words4 Pages
SELinux (Security-Enhanced Linux) was developed by the U.S National Security Agency and essentially enforces security policies that limits what a user or program can do by implementing MAC (Mandatory Access Control) in the Linux kernel. It defines a security policy that controls many different things such as files, devices, sockets, ports and even some processes. The Security-enhanced Linux's features are designed to enforce the separation of information based on confidentiality and integrity requirements. They are designed for preventing processes from reading data and programs, tampering with data and programs, bypassing application security mechanisms, executing untrustworthy programs, or interfering with other processes in violation…show more content…
Several different tables may be defined and each table contains a number of built-in chains that may also contain user-defined chains as well. Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a 'target', which may be a jump to a user-defined chain in the same table. The first table is the default table if no other selection is made and should be used exclusively for filtering packets based on their content. That table is called the filter table and does not have the ability to alter any packets. The next table is called nat (network address translation) and this table is used to translate the source or destination fields of packets when packets create new connections. The last table is called mangle and is used for specialized packet alteration including TOS (type of service) as well as TTL (time to live). The last Linux security technology I want to discuss is chroot jail and how it works. Chroot jail is the common expression used to describe a section of a file system that is sectioned off for a

More about Linux

Get Access