Documentation


Viewing posts for the category Omarine User's Manual

SELinux with omarine policy: SELinux User Capabilities

Unlike Linux users where each user has a specific name like tho, emin, SELinux user is a group of users that have the same capabilities in terms of security context. For example, the standard SELinux user is user_u, the administration staff is staff_u. By convention, SELinux user names usually end with _u. The special case, the Linux root user corresponds to root in SELinux, still. The SELinux user name is the first part of the security context.

SELinux with omarine policy: Gnome terminal: Fixing the security context

Gnome terminal is GNOME terminal emulator. It works based on Gnome terminal server using dbus. By default, the bus is the system bus, so if you are currently using seuser user_u with the complete context as user_u:user_r:user_t:SystemLow(s0), you will see the Gnome terminal server running in init_t domain with complete context as follows:

SELinux with omarine policy: Secure login into a security context using ssh

When you run Omarine 5.0 for the first time, the autorelabel service will start. It takes a few minutes (usually 2-3 minutes) to relabel the entire file system. During this initial launch the system will operate in permissive mode. From next time on, the system will run in enforcing mode, which means that the security policy, security server and other parts of the whole SELinux system will apply in practice, not just audit.

Cyber security: Unpredictable Random Number Generator

Random Number Generator is an important factor of security activity to create cryptographic keys and passwords.

Cyber security: Monitor file integrity

In addition to ClamAV antivirus, Omarine 4.0 provides Tripwire package to monitor the integrity of the files in the system. The monitoring policy is derived from /etc/tripwire/twpol.txt, a plain text file that you can edit.