SELINUX
OUTLINE
• What is SELinux
• History of SELinux
• SELinux Security Models
• SELinux Policy
• SELinux Usage
• SELinux Commands
• Demonstration
• References
WHAT IS SELINUX?
• Security-Enhanced Linux is a Linux kernel security module that provides a mechanism for supporting
access control security policies, including United States Department of Defense-style mandatory access
controls (MAC).
• The key concepts underlying SELinux can be traced to several earlier projects by the United States
National Security Agency (NSA).
HISTORY OF SELINUX
• The NSA, the original primary developer of SELinux, released the first version to the open source
development community under the GNU GPL on December 22, 2000.
• The software merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003.
• Other significant contributors include Red Hat, Network Associates, Secure Computing Corporation,
Tresys Technology, and Trusted Computer Solutions. Experimental ports of the FLASK/TE
implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin
operating systems.
SECURITY MODELS
• Type Enforcement (TE)
• Confine processes (subjects) to domains by using security contexts.
• Role-based Access Control (RBAC)
• Recognizes that users often need to move from one domain to another. RBAC rules
explicitly allow roles to move from one domain to another.
• Multi-Level Security
• Users allowed to read at one level cannot read at higher levels. Also, users allowed to
write at one level are not allowed to write at a lower level. (This ensures that secure
information does not propagate to lower levels.)
SELINUX POLICY
• Security contexts are determined by the system policy file.
• The policy is a compiled file, based on a text file that you define (or a default
file that you use). This defines all of the various file and user contexts that
you want to be active in your system.
• Compiled policy stored in /etc/selinux/targeted/policy
• Based on contexts in /etc/selinux/targeted/contexts
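The two slides above describe how Type Enforcement rules and the MLS rule combine into an access decision. The following is an added example, not code from the slides or from the SELinux project: it parses allow rules written in SELinux's own `allow source target:class { perms };` policy-source syntax and applies the MLS rule as the Security Models slide states it (no read up, no write down). The sample rules, the contexts and the single-level labels (`s0`, `s1`) are constructed for illustration; real contexts also carry level ranges and categories, and the RBAC (user to role to type) check is not modelled.

```python
"""Toy access decision combining Type Enforcement and the MLS rule.

Added example, not code from the slides or the SELinux project. The policy
text, contexts and single-level labels below are constructed.
"""
import re
from dataclasses import dataclass

# allow <src_type> <tgt_type>:<class> { perm perm ... };   or a single perm
ALLOW_RE = re.compile(
    r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{\s*([\w\s]+?)\s*\}|(\w+))\s*;"
)

# Constructed sample policy source (not the real targeted policy).
SAMPLE_POLICY = """
# web server may read its content and append to its logs
allow httpd_t httpd_sys_content_t:file { read getattr open };
allow httpd_t httpd_log_t:file { append create };
allow sshd_t shadow_t:file read;
"""


def parse_allow_rules(policy_text):
    """Return the set of (source_type, target_type, class, perm) tuples."""
    rules = set()
    for raw in policy_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = ALLOW_RE.fullmatch(line)
        if m is None:
            raise ValueError(f"unrecognised rule: {line!r}")
        src, tgt, cls, multi, single = m.groups()
        for perm in (multi.split() if multi else [single]):
            rules.add((src, tgt, cls, perm))
    return rules


@dataclass(frozen=True)
class Context:
    """user:role:type:level, e.g. system_u:system_r:httpd_t:s0 (simplified)."""
    user: str
    role: str
    type: str
    level: int  # sensitivity only: 's0' -> 0, 's1' -> 1, ...

    @classmethod
    def parse(cls, text):
        user, role, type_, level = text.split(":")
        return cls(user, role, type_, int(level.lstrip("s")))


READ_PERMS = {"read", "getattr", "open"}
WRITE_PERMS = {"write", "append", "create", "unlink"}


def decide(rules, subject, obj, cls, perm):
    """Return 'allowed' or a 'denied: ...' reason.

    SELinux is default-deny: without a matching TE allow rule the access
    fails before MLS is considered, and an MLS denial cannot be undone by
    a TE rule.  Both checks must pass.
    """
    if (subject.type, obj.type, cls, perm) not in rules:
        return "denied: no TE allow rule"
    if perm in READ_PERMS and subject.level < obj.level:
        return "denied: MLS no read up"
    if perm in WRITE_PERMS and subject.level > obj.level:
        return "denied: MLS no write down"
    return "allowed"


if __name__ == "__main__":
    rules = parse_allow_rules(SAMPLE_POLICY)
    web = Context.parse("system_u:system_r:httpd_t:s0")
    page = Context.parse("system_u:object_r:httpd_sys_content_t:s0")
    secret = Context.parse("system_u:object_r:httpd_sys_content_t:s1")
    for perm, obj in (("read", page), ("write", page), ("read", secret)):
        verdict = decide(rules, web, obj, "file", perm)
        print(f"httpd_t {perm} {obj.type}:s{obj.level} -> {verdict}")
```

Running the block shows the three outcomes a policy author meets most often: a read the rule permits, a write that fails because no allow rule exists, and a read that the TE rule permits but MLS denies because the object is labelled at a higher level.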
SELINUX USAGE
• Enable / disable SELinux
• selinuxenabled
• Set enforcement policy permissive / disabled
• setenforce / getenforce
• Set Policy type
• Targeted (only monitor specific services and files)
• Strict (monitor everything)
• Defined in /etc/selinux/config
• If targeted, select policies for each service
SELINUX COMMANDS
• Global Commands
• selinuxenabled
• getenforce
• setenforce
• sestatus
• fixfiles
• SELinux Files
• /etc/selinux/config
• /selinux/booleans
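The Usage and Commands slides above list the files and tools that control the enforcement mode. The following is an added example, not code from the slides or from any SELinux tool: it parses the `/etc/selinux/config` file (the source of the "Mode from config file" line that `sestatus` prints) and the selinuxfs `enforce` and `booleans/<name>` files that `getenforce` and `getsebool` read, and reports the mismatches a defender looks for: a permissive or disabled boot setting, a missing policy type, or a host switched to permissive at runtime (`setenforce 0`) while the config still says enforcing. File contents are passed in as text so the functions run anywhere; the sample contents are constructed. Modern kernels mount selinuxfs at `/sys/fs/selinux`; the slide's `/selinux` path is the older mount point.

```python
"""Audit SELinux mode from the files behind sestatus, getenforce and getsebool.

Added example, not code from the slides or any SELinux tool.  The sample
config below is constructed; real paths are only touched in the demo at
the bottom, and only if they exist.
"""
from pathlib import Path

VALID_MODES = {"enforcing", "permissive", "disabled"}

# Constructed sample of /etc/selinux/config.
SAMPLE_CONFIG = """\
# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted
"""


def parse_selinux_config(text):
    """Return KEY=value pairs, ignoring comments and blank lines."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg


def runtime_mode(enforce_text):
    """selinuxfs 'enforce' holds '1' for Enforcing, '0' for Permissive."""
    return "Enforcing" if enforce_text.strip() == "1" else "Permissive"


def parse_boolean(text):
    """selinuxfs 'booleans/<name>' holds '<current> <pending>' as 0/1."""
    current, pending = text.split()
    return {"current": current == "1", "pending": pending == "1"}


def audit(config_text, enforce_text):
    """Return a list of findings; an empty list means enforcing end to end."""
    findings = []
    cfg = parse_selinux_config(config_text)
    boot_mode = cfg.get("SELINUX", "").lower()
    if boot_mode not in VALID_MODES:
        findings.append(f"SELINUX={cfg.get('SELINUX')!r} is not a valid mode")
    elif boot_mode != "enforcing":
        findings.append(
            f"config mode is {boot_mode}: policy will not be enforced after reboot"
        )
    if "SELINUXTYPE" not in cfg:
        findings.append("SELINUXTYPE missing: no policy type selected")
    if boot_mode == "enforcing" and runtime_mode(enforce_text) != "Enforcing":
        findings.append(
            "running Permissive although config says enforcing (setenforce 0?)"
        )
    return findings


if __name__ == "__main__":
    cfg_path = Path("/etc/selinux/config")
    enf_path = Path("/sys/fs/selinux/enforce")
    if cfg_path.exists() and enf_path.exists():  # real host
        result = audit(cfg_path.read_text(), enf_path.read_text())
    else:  # offline demo on constructed input: config enforcing, runtime permissive
        result = audit(SAMPLE_CONFIG, "0\n")
    print("\n".join(result) if result else "SELinux enforcing, config consistent")
```

The runtime/config comparison is the useful part: `getenforce` alone cannot tell you whether the mode survives a reboot, and `sestatus` shows both values but does not flag a mismatch. Note that when SELinux is disabled the selinuxfs files are absent, which is why the demo falls back to constructed input rather than failing.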
REFERENCES
• Lawrence, Steve (2016-02-23). "Release 2016-02-23". selinux. SELinux Project. Retrieved 2016-02-24.
• "SELinux Frequently Asked Questions (FAQ) - NSA/CSS". National Security Agency. Retrieved 2013-02-06.
• Loscocco, Peter; Smalley, Stephen (February 2001). "Integrating Flexible Support for Security
Policies into the Linux Operating System" (PDF).
• "Security-Enhanced Linux - NSA/CSS". National Security Agency. 2009-01-15. Retrieved 2013-02-06.
• Compare "National Security Agency Shares Security Enhancements to Linux"
• https://access.redhat.com/documentation/en-us/red_hat_enterprise.../ch-selinux
• https://selinuxproject.org/