|
AppArmor
AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. AppArmor supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It has been partially included in the mainline Linux kernel since version 2.6.36 and its development has been supported by Canonical since 2009. Details In addition to manually creating profiles, AppArmor includes a learning mode, in which profile violations are logged, but not prevented. This log can then be used for generating an AppArmor profile, based on the program's typical behavior. AppArmor is implemented using the Linux Security Modules (LSM) kernel interface. AppArmor is offered in part as an alternative to SELinux, which critics consider d ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
SELinux
Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy, and streamlines the amount of software involved with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA). Overview The NSA Security-enhanced Linux Team describes NSA SELinux as a set of patches to the Linux kernel and utilities to provide a strong, flexible, mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Security-Enhanced Linux
Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy, and streamlines the amount of software involved with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA). Overview The NSA Security-enhanced Linux Team describes NSA SELinux as a set of patches to the Linux kernel and utilities to provide a strong, flexible, mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Immunix
Immunix is a discontinued commercial operating system that provided host-based application security solutions. The last release of Immunix's Linux distribution was version 7.3 on November 27, 2003. Immunix, Inc. was the creator of AppArmor, an application security system. On May 10, 2005, Novell acquired Immunix, Inc., a long-time partner with Novell. AppArmor was one of Novell's primary interests, and as a result, it was adopted by the company and renamed Novell AppArmor powered by Immunix. In September 2007, Novell laid off the AppArmor team. See also * Novell * Security-focused operating system This is a list of operating systems specifically focused on security. Operating systems for general-purpose usage may be secure without having a specific focus on security. Similar concepts include security-evaluated operating systems that have ... References {{Linux-distro Discontinued Linux distributions Free security software Linux distributions ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Linux Kernel
The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU operating system, which was written to be a free (libre) replacement for Unix. Linux is provided under the GNU General Public License version 2 only, but it contains files under other compatible licenses. Since the late 1990s, it has been included as part of a large number of operating system distributions, many of which are commonly also called Linux. Linux is deployed on a wide variety of computing systems, such as embedded devices, mobile devices (including its use in the Android operating system), personal computers, servers, mainframes, and supercomputers. It can be tailored for specific architectures and for several usage scenarios using a family of simple commands (that is, without the need of manually editing its source code ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Linux Security Modules
Linux Security Modules (LSM) is a framework allowing the Linux kernel to support without bias a variety of computer security models. LSM is licensed under the terms of the GNU General Public License and is a standard part of the Linux kernel since Linux 2.6. AppArmor, SELinux, Smack, and TOMOYO Linux are the currently approved security modules in the official kernel. Design LSM was designed in order to answer all the requirements for successfully implementing a mandatory access control module, while imposing the fewest possible changes to the Linux kernel. LSM avoids the approach of system call interposition used by Systrace because it doesn't scale to multiprocessor kernels and is subject to TOCTTOU (race) attacks. Instead, LSM inserts " hooks" (upcalls to the module) at every point in the kernel where a user-level system-call is about to result with an access to an important internal kernel-object like inodes and task control blocks. LSM is narrowly scoped to solve the pro ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Mandatory Access Control
In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a ''subject'' or ''initiator'' to access or generally perform some sort of operation on an ''object'' or ''target''. In the case of operating systems, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/ UDP ports, shared memory segments, IO devices, etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object is tested against the set of authorization rules (aka ''policy'') to determine if the operation is allowed. A database management system, in its access control mechanism, can also apply mandatory access control; in this case, the objec ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Debian Version History
Debian releases do not follow a fixed schedule. Recent releases have been made roughly biennially by the Debian Project. The most recent version of Debian is Debian version 11, codename "Bullseye". The next up and coming release of Debian is Debian 12 codename "Bookworm". Debian always has at least three release branches active at any time: "stable", "testing" and "unstable". The stable release is the most recent and up-to-date version of Debian. The testing release contains packages that have been tested from unstable. Testing has significantly more up-to-date packages than stable and is a close version of the future release candidate for stable. The unstable release (also known as sid) is the release where active development takes place. It is the most volatile version of Debian. When the Debian stable branch is replaced with a newer release, the current stable becomes an "oldstable" release. When the Debian stable branch is replaced again, the oldstable release becomes the "o ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Solus (operating System)
Solus (previously known as Evolve OS) is an independently developed operating system for the x86-64 architecture based on the Linux kernel and a choice of the homegrown Budgie desktop environment, GNOME, MATE or KDE Plasma as the desktop environment. Its package manager, eopkg, is based on the PiSi package management system from Pardus Linux, and it has a semi-rolling release model, with new package updates landing in the stable repository every Friday. The developers of Solus have stated that Solus is intended exclusively for use on personal computers and will not include software that is only useful in enterprise or server environments. History On September 20, 2015, Ikey Doherty announced that "Solus 1.0 will be codenamed Shannon, after the River Shannon in Ireland", indicating that "codenames for releases will continue this theme, using Irish rivers." In July 2016, Solus announced the intention to discard the concept of fixed point releases and to embrace a rolling release ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Ubuntu (operating System)
Ubuntu ( ) is a Linux distribution based on Debian and composed mostly of free and open-source software. Ubuntu is officially released in three editions: ''Desktop'', ''Server'', and ''Core'' for Internet of things devices and robots. All the editions can run on the computer alone, or in a virtual machine. Ubuntu is a popular operating system for cloud computing, with support for OpenStack. Ubuntu's default desktop changed back from the in-house Unity to GNOME after nearly 6.5 years in 2017 upon the release of version 17.10. Ubuntu is released every six months, with long-term support (LTS) releases every two years. , the most-recent release is 22.10 ("Kinetic Kudu"), and the current long-term support release is 22.04 ("Jammy Jellyfish"). Ubuntu is developed by British company Canonical, and a community of other developers, under a meritocratic governance model. Canonical provides security updates and support for each Ubuntu release, starting from the release date and unt ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
OpenSUSE
openSUSE () is a free and open-source software, free and open source RPM Package Manager, RPM-based Linux distribution developed by the openSUSE project. The initial release of the community project was a beta version of SUSE Linux 10.0. Additionally the project creates a variety of tools, such as YaST, Open Build Service, openQA, Snapper, Machinery, Portus, KIWI (openSUSE), KIWI and OSEM. Product history In the past, the SUSE Linux company had focused on releasing the SUSE Linux Personal and SUSE Linux Professional box sets which included extensive printed documentation that was available for sale in retail stores. The company's ability to sell an open source product was largely due to the closed-source development process used. Although SUSE Linux had always been free software product licensed with the GNU General Public License (GNU GPL), it was only freely possible to retrieve the source code of the next release 2 months after it was ready for purchase. SUSE Linux' strate ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Linux Intrusion Detection System
In computer security, the Linux Intrusion Detection System (LIDS) is a patch to the Linux kernel and associated administrative tools that enhances the kernel's security by implementing mandatory access control (MAC). When LIDS is in effect all system network administration operations, chosen file access, any capability use, raw device, memory, and I/O access can be made impossible, even for root. One can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. One can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more. LIDS currently supports Linux kernel 2.6, 2.4. LIDS is released under the terms of the GNU General Public License (GPL). Current Status As of 2013, the Project appears to be dead. The last updates on the homepage and in the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Discretionary Access Control
In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria (TCSEC) as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control). Discretionary access control is commonly discussed in contrast to mandatory access control (MAC). Occasionally, a system as a whole is said to have "discretionary" or "purely discretionary" access control when that system lacks mandatory access control. On the other hand, systems can implement both MAC and DAC simultaneously, where DAC refers to one category of access controls that subjects can transfer among each other, and MAC refers to a second category of access controls that imposes constraint ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
