This is the rpm version of SELinux. There are differences between the
rpm version and the NSA version.
1. The modified utilities are built from Red Hat's latest versions.
For example, openssh is not the NSA version but the latest
release from Red Hat.
2. All of the modified utilities use the rpm obsoletes and provides to
install. The utilities install into the standard locations, not
/usr/local/selinux. This directory has been removed from the
installation.
3. Directory structure of the SELinux installation:
a. /etc/security
Standard SELinux place for default context files.
b. /etc/security/selinux/
Current Policy location.
c. /etc/security/selinux/src
Location of the policy.conf file, which is built from the
policy files and used to compile the policy.11 file.
d. /etc/security/selinux/policy
Where all of the SELinux policy source files are
located.
e. /usr/share/doc/selinux/examples
Where the sample policy files are located. The
policy-rh7.3.tgz is the compressed tar file of the
policy used to build the system policy. It was modified
from the original NSA example policy to work with
Red Hat 7.3. The policy directory contains the original
NSA policy source files.
f. /usr/lib/selinux
Contains the files access_vectors, initial_sids, and
security_class. These files are used to build the
security policy.
g. /usr/lib/libsecure.a
The security library for SELinux.
h. /usr/include/selinux
The include files for SELinux.
i. /usr/bin
All the extra SELinux programs are placed here (i.e.
newrole, run_init and avc_toggle).
4. The root user was modified to default to the user_r role instead
of sysadm_r. The root user is allowed to change role on login and
after login via newrole.
5. An added utility, newrules-selinux.pl. This Perl script reads
the messages file for avc deny messages and shows the rules that
would need to be created to allow the denied access. You should
examine each rule before adding it.
6. FreeSwan has been built for all kernels and is installed as a
module.
See: www.freeswan.org for more information on IPSEC and
freeswan.
7. SNARE has been built for all kernels and is installed as a module.
See: www.intersectalliance.com/projects/Snare/ for more
information.
Rules were created to make snare like syslog.
8. The modified GDM is included for this rpm installation. You can
use the graphical login right after installation.
9. The source RPM should not be installed in /usr/src/redhat. I
would use the relocate option for rpm. Once installed, the entire
distribution is built from one rpm spec file,
selinux-2002082308.spec. The build can be done on a non-SELinux
system and will not install any programs on the build system.
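
The kind of log processing item 5 describes, as an added Python example; it is not part of this package and is not the newrules-selinux.pl script. The AVC message layout, the sample log lines and the function names are assumptions made for illustration; the output is a list of candidate rules to review, not to apply blindly.

```python
import re
from collections import defaultdict

# Constructed sample of a messages file; every line is made up for this example.
SAMPLE_LOG = """\
Aug 23 10:01:02 host kernel: avc:  denied  { read } for  pid=812 exe=/usr/sbin/httpd path=/etc/passwd dev=03:02 ino=4711 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:etc_t tclass=file
Aug 23 10:01:03 host kernel: avc:  denied  { getattr } for  pid=812 exe=/usr/sbin/httpd path=/etc/passwd dev=03:02 ino=4711 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:etc_t tclass=file
Aug 23 10:02:10 host kernel: avc:  denied  { write } for  pid=901 exe=/usr/sbin/sshd path=/var/log/lastlog dev=03:02 ino=5120 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:var_log_t tclass=file
Aug 23 10:02:11 host kernel: avc:  granted  { read } for  pid=901 exe=/usr/sbin/sshd scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:etc_t tclass=file
Aug 23 10:02:12 host sshd[901]: Accepted password for root from 192.0.2.10
Aug 23 10:02:13 host kernel: avc:  denied  { read } for  pid=77 scontext=garbled tcontext=system_u:object_r:etc_t tclass=file
"""

# Assumed layout: "avc: denied { perms } for ... scontext=U:R:T tcontext=U:R:T tclass=C"
AVC_DENIED = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type context, or None if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 and parts[2] else None

def suggest_rules(log_text):
    """Merge denials per (source type, target type, class) into candidate allow rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_DENIED.search(line)
        if not match:
            continue  # not a denial: ordinary syslog line or "avc: granted"
        src = context_type(match.group("scon"))
        tgt = context_type(match.group("tcon"))
        if src is None or tgt is None:
            continue  # skip records whose contexts cannot be parsed
        merged[(src, tgt, match.group("tclass"))].update(match.group("perms").split())
    return [
        "allow %s %s:%s { %s };" % (src, tgt, cls, " ".join(sorted(perms)))
        for (src, tgt, cls), perms in sorted(merged.items())
    ]

if __name__ == "__main__":
    for rule in suggest_rules(SAMPLE_LOG):
        print(rule)
```

Each printed rule widens the policy, so read it against what the denied program legitimately needs before adding it to the policy source.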
Feedback is much appreciated.
Mark Westerman
Mark.westerman@westcam.com