Skip the navigation

Developer preps for hardened Linux

By Matthew Cooney
April 14, 2004 12:00 PM ET

Computerworld New Zealand - Security Enhanced Linux, a "hardened" version of the open-source software that was helped into existence by a U.S. spy agency, is on the verge of gaining broad acceptance, a New Zealand developer says.

Kerry Thompson, an Auckland security consultant, says the pending release of the Fedora Core 2 distribution will introduce SELinux to mainstream Linux users. Fedora is sponsored by Red Hat Inc. and built on Red Hat 9, and has been adopted by many former Red Hat community members. Red Hat Enterprise Linux 4, due early next year, will also include SELinux technology.

SELinux, produced by the National Security Agency, security companies and open-source developers, extends the Linux kernel to include a media access control (MAC) system, restricting access to system resources for users and programs. MAC makes it more difficult for a rogue user or program to take control of other processes, files or devices.

Thompson has done "a fair bit" of SELinux testing, development and documentation over recent years but hasn't yet managed to install SELinux on a client's computer.

"I haven't heard of anyone in New Zealand doing deployment," he says. "No one's used it in anger."

Fedora is likely to change that. Red Hat developers use Fedora as a testing ground for the company's enterprise distribution, so bugs and implementation issues should get attention.

Fedora Core 2 is currently available in beta release; a final version is expected next month.

At the moment, SELinux probably isn't ready for widespread production use, Thompson says.

"It's still pretty much beta software. It's still quite experimental, and it uses features that could mess up your servers and things like that," he says. "It's also debatable that people really need it." Customers that do need very secure computers are likely to use hardened Unix systems, he says, but SELinux promises much more.

"You can load a policy in the kernel of a box and tighten it down far more than you could with a normal Unix box," Thompson says.

Last week Thompson presented a demonstration of SELinux to the Auckland Linux User Group, with 23 people attending.

"But as Fedora comes out and it gets more mainstream, we expect more people will be interested in this," he says.

Reprinted with permission from Computerworld New Zealand Story copyright 2012 Computerworld New Zealand. All rights reserved.
Our Commenting Policies