[LINK] WP: The Pentagon is turned on by eWar
grove at zeta.org.au
Wed Apr 11 17:35:48 EST 2012
Has anyone here actually used SELinux - I did but only for a trial while I did my Redhat studies,
for about 3 weeks.
It's "not very nice to use".... I will not go into details, but it is pretty heavy duty stuff that logs
just about every action on the system. Some rulesets can be created to permit various functions, but I found it a particular hassle. In the end, you also need to hack your apps
(ie have source code and a room of appropriately shaved monkeys to support it) to use all
the features and god forbid you want backups restored or have to do DR on it...... One of the annoying bits is having to recast shell scripts and so on if they needed to work in the secure realm. Some things will not work at all for various reasons, so you have to destress the secure
bits if you want to use them.
I also tried Trusted Solaris a few years ago and likewise found that difficult to use,
so I do not know how regular users coped with it.....
<r.polanskis at uws.edu.au>
<grove at zeta.org.au>
On 11/04/2012, at 17:16, Tom Worthington <tom.worthington at tomw.net.au> wrote:
> On 11/04/12 10:37, grove at zeta.org.au wrote:
>> ... Why doesn't the US govt invest in their own GovOS platform that could
>> be designed by the NSA to be secure out of the box ...
> The US Government did invest in a secure operating system, called
> "Security-Enhanced Linux" (SELinux).
> The NSA funded security enhancements were then added to version 2.6 of
> the Linux kernel: http://en.wikipedia.org/wiki/Security-Enhanced_Linux
> Tom Worthington FACS CP, TomW Communications Pty Ltd. t: 0419496150
> PO Box 13, Belconnen ACT 2617, Australia http://www.tomw.net.au
> Liability limited by a scheme approved under Professional Standards
> Adjunct Senior Lecturer, Research School of Computer Science,
> Australian National University http://cs.anu.edu.au/courses/COMP7310/
> Link mailing list
> Link at mailman.anu.edu.au
More information about the Link