[TCLUG] SE (Security Enhanced) Linux

[rpgoldman at real-time.com]

>>>>> "Chuck" == Chuck Cole <cncole at earthlink.net> writes:

    Chuck> Isn't SELinux an actual distro from NSA and NOT just an
    Chuck> add-on to any other distro?  Can't imagine folks I know at
    Chuck> NSA even considering a distro that isn't within their audit
    Chuck> schemes for clean releases.  This is not just for
    Chuck> "security", but also operational integrity.  I think their
    Chuck> concern is also like a govt flight safety consideration
    Chuck> (etc) for SELinux distros, since SELinux is the thing for
    Chuck> many DoD contracts for flyable and fieldable things these
    Chuck> days.

I'm pretty sure it's not a distro.  The last I checked it was a series
of kernel modifications. 

"Security-enhanced Linux is a research prototype of the Linux® kernel
and a number of utilities with enhanced security functionality
designed simply to demonstrate the value of mandatory access controls
to the Linux community and how such controls could be added to Linux."

and

"Security-enhanced Linux includes patches to the Linux kernel and
patches to a number of standard tools and utilities. It also includes
a number of new utilities, support files, and documentation. By far
the easiest way to build and install Security-enhanced Linux currently
is to duplicate our source trees (linux-2.6 and selinux-usr) and
follow the instructions in selinux-doc/README. We have provided
compressed archives of our source trees, as well as several ways to
build it by acquiring only our modifications from our web site
(http://www.nsa.gov/selinux/).

 
"Can I install Security-enhanced Linux on an existing Linux system?
 

"Yes. You actually need to have an existing Linux system. The
Security-enhanced Linux distribution is source code for a modified
Linux kernel and some utilities. You must have the ability to compile
a kernel and also have necessary, but unmodified system packages. Our
distribution is known to install on the Red Hat distribution, and has
not been tested with others."

>From the NSA's web site.

R

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list