This is the rpm version of SELinux. There are differences between the
rpm version and the NSA version.
1. The modified utilities are building from Red Hats latest version.
For example the openssh is not the NSA version, but the latest
release from Red Hat.
2. All of the modified utilities uses the rpm obsoletes and provides to
install the modified utilities. The utilities will install into the
standard location not /usr/local/selinux. This directory has been
removed from installation.
3. Directory Structure of the SELinux installation.
a. /etc/security
Standard SELinux place for default context files.
b. /etc/security/selinux/
Current Policy location.
c. /etc/security/selinux/src
Where the policy.conf file that was built from the
policy files and used to compile the policy.11 file.
d. /etc/security/selinux/policy
Where the entire selinux policy source files are
located.
e. /usr/share/doc/selinux/examples
Where the sample policy files are located. The
policy-rh7.3.tgz is the compressed tar file of the
policy to build the system policy. This was modified
from the original NSA example policy to work with
Red Hat 7.3. The policy directory is an original NSA
policy source files.
f. /usr/lib/selinux
Contains the files access_vectors, initial_sids, and
security_class. These files are used to build the
security policy.
g. /usr/lib/libsecure.a
The security library for SELinux.
h. /usr/include/selinux
The include files for SELinux
i. /usr/bin
All the extra SELinux program is placed here (i.e.
newrole, run_init and avc_toggle).
4. The root user was modified to use a default of user_r role instead
of sysadm_r. The root user is allowed to change role on login and
after login via newrole.
5. An added utility of newrules-selinux.pl. This perl script will read
the messages file for avc deny messages and show the rules that need
to be created to allow the denied access. You should examine the
rule before adding.
6. FreeSwan has been built for all kernels and is installed as a
module.
See: www.freeswan.org for more information on IPSEC and
freeswan.
7. SNARE has been built for all kernel and is installed as a module
See: www.intersectalliance.com/projects/Snare/ for more
information.
Rules to make snare like syslog were created
8. The modified GDM is included for this rpm installation. You can
use the graphical login right after installation.
9. The source RPM should not be install in the /usr/src/redhat. I
would use the relocate option for rpm. Once install the entire
distribution is built from one rpm spec file
selinux-2002082308.spec. The build can be build on a non selinux
system and will not install any program on the build system.
Feedback is much appreciated;
Mark Westerman
Mark.westerman@westcam.com
Other Useful Business Software
Our Free Plans just got better! | Auth0
You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
Gen AI apps are built with MongoDB Atlas
MongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.
