Red Hat to Release Enhanced-Security Linux
Klatoo55 writes "According to an article by Techweb, Red Hat will release Red Hat Enterprise Linux 4.0, which includes support for Security-Enhanced Linux, in 2005. Red Hat has been running this system with a published IP address asking for hackers to try to break the security. The last version was defeated within 45 seconds, but this new version (apparently to be the policy for the next Fedora) has yet to be cracked."
Have they created something of their own to enhance the security, or have they just included some restrictions for the users/administrators? (i.e. have they disabled the root account?)
------- In the end there is no beginning
The article implies that SE Linux would be more secure than Windows, especially in light of the MyDoom virus. But doesn't the MyDoom virus depend on a dope sysadmin clicking on a binary attachment to spread?
So how does SE Linux protect systems against trojans?
Mail handling is a good example. Each receive process should be running in a separate jail, with a net connection to the incoming port, a limited connection to the mail database, and no privilege to open files or network connections. Then it doesn't matter what happens in the receive process.
The software that passes data across security boundaries has to be carefully written and audited. But it doesn't have to do much. Software has to be divided into two kinds - big, untrusted programs that do the work, and little, carefully audited security-critical programs that do very little.
The job of the OS is to keep each program in its own security box.
Mail, DNS, and web servers need to be broken up in this way. Now that Red Hat is going with SE Linux, it's time to do this. Get busy.
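As an added illustration of the split this post describes (it is not part of the original thread, nor Red Hat's or Fedora's policy), here is a minimal SELinux type-enforcement module confining a hypothetical mail receive process: it may listen on the SMTP port and talk to the mail database over a local socket, and every other file open or network connection is denied because no rule grants it. All type names except smtp_port_t and unconfined_t are assumptions, and the housekeeping permissions a real daemon also needs (shared libraries, /dev/null, logging) are left out on purpose.

```selinux
# Raw kernel policy language (no reference-policy macros), assumed module name.
module mail_recv 1.0;

require {
    attribute domain;
    type unconfined_t;              # domain that launches the receiver
    type smtp_port_t;               # label SELinux already puts on tcp/25
    class file { read getattr open execute entrypoint };
    class process transition;
    class tcp_socket { create bind listen accept read write name_bind };
    class unix_stream_socket { create read write connectto };
    class sock_file write;
}

# The untrusted receive process ("big program that does the work") and its binary.
type mail_recv_t;
typeattribute mail_recv_t domain;
type mail_recv_exec_t;

# The audited mail database side of the boundary and the socket it listens on.
type mail_db_t;
typeattribute mail_db_t domain;
type mail_db_sock_t;

# Running a mail_recv_exec_t binary from unconfined_t drops into mail_recv_t.
type_transition unconfined_t mail_recv_exec_t:process mail_recv_t;
allow unconfined_t mail_recv_exec_t:file { read getattr open execute };
allow unconfined_t mail_recv_t:process transition;
allow mail_recv_t mail_recv_exec_t:file { read getattr open execute entrypoint };

# Network: the receiver may only bind and serve the incoming SMTP port.
allow mail_recv_t self:tcp_socket { create bind listen accept read write };
allow mail_recv_t smtp_port_t:tcp_socket name_bind;

# Limited channel to the mail database: connect to its local socket, nothing more.
allow mail_recv_t self:unix_stream_socket { create read write };
allow mail_recv_t mail_db_sock_t:sock_file write;
allow mail_recv_t mail_db_t:unix_stream_socket connectto;

# No rule grants mail_recv_t any other file or socket access, so a compromised
# receiver cannot read the spool, write to disk, or open outbound connections.
```

Built and loaded with `checkmodule -M -m -o mail_recv.mod mail_recv.te`, `semodule_package -o mail_recv.pp -m mail_recv.mod` and `semodule -i mail_recv.pp`; denials then show up in the audit log as AVC messages, which is also where a defender watches for the receiver trying to step outside its box.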
Not sure if you're joking or serious, but during the Code Red fiasco I put a Windows machine with IIS online on my cable modem. Thanks to port 80 being forwarded to that machine on my firewall, my computer was infected after I installed Windows in the time it took me to find and install the service pack! From then on, I made sure to remove port forwards before installing updates on newly installed machines :)
I guess it's no surprise, given the amount of Code Red traffic there was at the time, but I just didn't think of it at the time since I had planned on installing all the updates after reloading.
2 questions:
Anybody have more info as to why the last machine was compromised in 45 seconds?
Anybody know of a guide for the Linux beginner on how to secure an out-of-the-box desktop system (shutting down services not needed for a desktop machine, in an easy to understand way)?