Linux Security Modules

The Linux Security Modules (LSM) functionality is a standardized framework that allows the kernel to check access requests and calls against a loadable module acting as an external security mechanism. This has brought about a long-needed change from the standard and very basic UNIX access control to a more complex and potentially secure Discretionary Access Control (DAC) or Mandatory Access Control (MAC) model. By comparison, a weak example of DAC is the standard *NIX access control and a weak example of MAC is SELinux. At present, the only options available in Linux distributions tend to be SELinux or AppArmour.

If you are not specifically using LSM, make sure you disable it as it provides a great avenue for rootkits to be introduced onto a system. Unfortunately, this will probably mean recompiling your kernel as distributions appear to be enabling this by default.

If you are looking for stronger security, you should also review GRSecurity and Rule Set-Based Access Control (RSBAC).

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook


Post a comment