US lobby group is trying to get the US government to consider open source as the equivalent to piracy i.e. if you use open source software you are a pirate and that makes you an enemy of the state.
[click to continue…]
Linux kernel is the central component of Linux operating systems. It is responsible for managing the system's resources, the communication between hardware and software and security. Kernel play a critical role in supporting security at higher levels. Unfortunately, stock kernel is not secured out of box. There are some important Linux kernel patches to secure your box. They differ significantly in how they are administered and how they integrate into the system. They also allow for easy control of access between processes and objects, processes and other processes, and objects and other objects. The following pros and cons list is based upon my personal experience.
[click to continue…]
Nice introduction to SELinux and other option to enhance Linux security. Mandatory access control and role-based access control are relatively new to the Linux kernel. With the introduction of the LSM framework, new security modules will certainly become available. In addition to enhancements to the framework, it's possible to stack security modules, allowing multiple security modules to coexist and provide maximum coverage for Linux's security needs. New access-control methods will also be introduced as research into operating system security continues. From the article:
Linux has been described as one of the most secure operating systems available, but the National Security Agency (NSA) has taken Linux to the next level with the introduction of Security-Enhanced Linux (SELinux). SELinux takes the existing GNU/Linux operating system and extends it with kernel and user-space modifications to make it bullet-proof. If you're running a 2.6 kernel today, you might be surprised to know that you're using SELinux right now! This article explores the ideas behind SELinux and how it's implemented.
=> Anatomy of Security-Enhanced Linux (SELinux) Architecture and implementation
On October 9th, 2007, Guardian Digital announced the newest release of EnGarde Secure Linux: Community 3.0.17 (Version 3.0, Release 17) server edition.
- Enterprise Reliability and scalability in a Community Platform
- Integrated SELinux policies and Firewall Functionality
- Intrusion detection and Complete Monitoring Services
- Web and Email Security Services
- Quick and easy Network Installation
- Combining the best of Open Source technologies
- Support for TCB, an alternative password shadowing scheme, has been added. This allows most system utilities to work with the least amount of privilege possible and, when properly configured, can allow you to run a system with zero setuid binaries.
- powernowd, a daemon to control the CPU speed and voltage of your server, is also now available. Once properly configured, powernowd can dynamically adjust the speed and voltage of your CPU, via the kernel CPUFreq and sysfs interfaces, to preserve power when it's idle.
- A very early-stage version of Samba 4 for users to evaluate.
- Samba 4 and much more
Download EnGarde Secure Linux
=> Visit official site to download latest release. Don't forget to check out EnGarde secure Linux documentation section. It offers quick start guide and other howtos.
Security-Enhanced Linux (SELinux) is a Linux mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. SELinux is enabled by default in RHEL 5 / CentOS 5 / Fedora etc. But many admin disabled it due to troubles and hard configuration options. So if you are afraid of SELinux, try new GUI tools to customizing your system’s protection by creating new policy modules is easier than ever. In this article, Dan Walsh gently walks you through the policy module creation process:
A lot of people think that building a new SELinux policy is magic, but magic tricks never seem quite as difficult once you know how they're done. This article explains how I build a policy module and gives you the step-by-step process for using the tools to build your own.
=> A step-by-step guide to building a new SELinux policy module
EnGarde Secure Linux 3.0.15 has been released. EnGarde Secure Linux distributed as both community and paid supped model (just like RHEL).
According to release note:
This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.
Download EnGarde Secure Linux
=> You may download the ISO image for EnGarde Secure Linux by visiting this link. Or try this fast mirror (552MB)