NSA-enhanced Linux

This is a discussion on NSA-enhanced Linux within the Linux Programming forums, part of the Platform Specific Boards category; Just thought it might be intersting for some: NSA (National Security Agency) distributes a modified version of RedHat Linux with ...

  1. #1
    Registered User Engineer's Avatar
    Join Date
    Oct 2001
    Posts
    125

    NSA-enhanced Linux

    Just thought it might be intersting for some:

    NSA (National Security Agency) distributes a modified version of RedHat Linux with a lot of security enhancements. It is called SELinux and it can be found at http://www.nsa.gov/selinux
    1 rule of the Samurai Code: if you have nothing to say, don't say anything at all!

  2. #2
    Registered User
    Join Date
    Dec 2001
    Posts
    47
    Actually, this is just a kernel and other components. They have only tested it on RedHat systems, but it should work with any major distribution.

  3. #3
    Unregistered
    Guest

    Question

    Just a kernel?

  4. #4
    Registered User
    Join Date
    Dec 2001
    Posts
    47
    yeah, and from what I can tell, they haven't made a lot of changes either. Pretty boring actually for the NSA. They just improved the file protection to be a lot stricter. I would have thought they would have done some real "OpenBSD style" buffer overflow/vulnerability checking, etc. It's probably worth downloading if you intend to upgrade your kernel. I've heard ppl say they didn't have compatibility problems with it.

  5. #5
    Unregistered
    Guest
    They have added some accessc controls to SElinux, RBAC, and MAC, as you may know this is pretty good, i'm no linux guru or security expert but if say for example apache was exploited, they would be stuck on apaches access level not being able to elevate their priledges etc.

    i think its a good idea.

  6. #6
    Registered User
    Join Date
    Sep 2002
    Posts
    18
    I use SELinux kernel & i think it's quite good from what i understand about it .

    yeah, and from what I can tell, they haven't made a lot of changes either. Pretty boring actually for the NSA. They just improved the file protection to be a lot stricter. I would have thought they would have done some real "OpenBSD style" buffer overflow/vulnerability checking, etc. It's probably worth downloading if you intend to upgrade your kernel. I've heard ppl say they didn't have compatibility problems with it.
    Yes it does help stop buffer overflows, it runs applications with minimal priveledges needed, They've implemented access controls such as RBAC(role based access contros) & MAC(mandatory access controls), and have gotten rid of DAC(the files are at the users descretion e.g. they can change who owns,reads the file etc)

    quote from selinux faq

    It has no concept of a "root" super-user, and does not share the well-known shortcomings of the traditional Linux security mechanisms (such as a dependence on setuid/setgid binaries).
    The root account can be totally locked down, meaning even if root was gained no priledges will be added. The Mailing list's are very good, i'm sure somebody would be willing to answer some of your questions.

    quote from selinux faq


    While problems with the correctness or configuration of applications may allow the limited compromise of individual user programs and system daemons, they do not pose a threat to the security of other user programs and system daemons or to the security of the system as a whole.
    That quote speaks for itself.

    Though it's only tested on redhat 7.2 systems, people have managed to run it on mandrake & slackware, but i bet those were the real hardcore linux guruz, who hack away at the keyboard all night I use SELinux kernel & i think it's quite good from what i understand about it .

    yeah, and from what I can tell, they haven't made a lot of changes either. Pretty boring actually for the NSA. They just improved the file protection to be a lot stricter. I would have thought they would have done some real "OpenBSD style" buffer overflow/vulnerability checking, etc. It's probably worth downloading if you intend to upgrade your kernel. I've heard ppl say they didn't have compatibility problems with it.
    Yes it does help stop buffer overflows, it runs applications with minimal priveledges needed, They've implemented access controls such as RBAC(role based access contros) & MAC(mandatory access controls), and have gotten rid of DAC(the files are at the users descretion e.g. they can change who owns,reads the file etc)

    quote from selinux faq

    It has no concept of a "root" super-user, and does not share the well-known shortcomings of the traditional Linux security mechanisms (such as a dependence on setuid/setgid binaries).
    The root account can be totally locked down, meaning even if root was gained no priveledges will be added. The Mailing list's are very good, i'm sure somebody would be willing to answer some of your questions.

    quote from selinux faq


    While problems with the correctness or configuration of applications may allow the limited compromise of individual user programs and system daemons, they do not pose a threat to the security of other user programs and system daemons or to the security of the system as a whole.
    That quote speaks for itself.

    Though it's only tested on redhat 7.2 systems, people have managed to run it on mandrake & slackware, but i bet those were the real hardcore linux guruz who hack away at the keyboard all night .

  7. #7
    Refugee face_master's Avatar
    Join Date
    Aug 2001
    Posts
    2,052
    Don't trust it!!! Ok, its been created by the NSA - THAT IS THE GIVE AWAY! I bet that they made this modified version of Red Hat to either collect data from your computer regarding issues regarding "national security", or something more sinister...

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Wireless Network Linux & C Testbed
    By james457 in forum Networking/Device Communication
    Replies: 3
    Last Post: 06-11-2009, 12:03 PM
  2. Dabbling with Linux.
    By Hunter2 in forum Tech Board
    Replies: 21
    Last Post: 04-21-2005, 05:17 PM
  3. Linux Security Article by NSA
    By xddxogm3 in forum Tech Board
    Replies: 4
    Last Post: 01-31-2005, 09:31 AM
  4. installing linux for the first time
    By Micko in forum Tech Board
    Replies: 9
    Last Post: 12-06-2004, 05:15 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21