How to Use SELinux Targeted Policy to Secure Your Hosts

Hackers often rely on lazy system admins and unpatched vulnerabilities to get access to a host. Keeping intruders off of our machines requires us to update daily, only run the services we need, and read the code, among other things, but we can still make mistakes. Luckily for us, we can limit the damage caused by those mistakes by running SELinux. SELinux is a mandatory access control (MAC) system implemented via the Linux kernel and within extended attributes on the file system. SELinux was originally developed by the NSA with the help of the Secure Computing Corporation (now defunct), MITRE... more