FOSDEM '09 is a free and non-commercial event organized by the community, for the community. Its goal is to provide Free and Open Source developers a place to meet.

Ralph Angenendt
Day: Sunday
Room: H.2213
Start time: 13:00
End time: 14:00
Duration: 01:00
Event type: Podium
Track: Fedora + CentOS
Language: English
Securing CentOS with SELinux

drwxr-x--x is still the normal means of security under Linux, giving access rights to data to users, groups and anyone else. This method isn't very flexible, so access rights are either given to larger groups of people, or the administrator is tearing his hair out because he is lost in a maze of user, file and directory structures that make work more complex but don't make the system more secure. Enter SELinux, a security infrastructure which is integrated into the kernel and promises to make securing your system more flexible.

SELinux is a security framework which is included in the kernel of the Linux operating system. Under SELinux, files have not only the normal access rights or ACLs, but also a context. You, as a user or a program, have to be able to use that context to get access, even if normal access rights would allow you to change the file. This talk gives a short overview of SELinux and covers the tools in CentOS 5 (and Fedora) which enable you to change the behaviour of SELinux. In the second part we will secure a small daemon with the tools we learned about in part 1.