Security
This section highlights various security items from Fedora.
Security Enhancements
Fedora continues to improve its many proactive security features.
http://fedoraproject.org/wiki/Security/Features
SELinux
The SELinux project pages have troubleshooting tips, explanations, and pointers to documentation and references. Some useful links include the following:
- New SELinux project pages: http://fedoraproject.org/wiki/SELinux
- Troubleshooting tips: http://fedoraproject.org/wiki/SELinux/Troubleshooting
- Frequently Asked Questions: http://docs.fedoraproject.org/selinux-faq/
- Listing of SELinux commands: http://fedoraproject.org/wiki/SELinux/Commands
- Details of confined domains: http://fedoraproject.org/wiki/SELinux/Domains
SELinux Enhancements
Different roles are now available, to allow finer-grained access control:
- guest_t does not allow running setuid binaries, making network connections, or using a GUI.
- xguest_t disallows network access except for HTTP via a Web browser, and does not allow setuid binaries.
- user_t is ideal for office users: it prevents becoming root via setuid applications.
- staff_t is the same as user_t, except that root-level access via sudo is allowed.
- unconfined_t provides full access, the same as when not using SELinux.
Browser plug-ins wrapped with nspluginwrapper, which is the default, are confined by SELinux policy.
Security Audit Package
Sectool provides users with a tool that can check their systems for security issues. There are libraries included that allow for the customization of system tests. More information can be found at the project home:
https://fedorahosted.org/sectool
General Information
A general introduction to the many proactive security features in Fedora, current status, and policies is available at http://fedoraproject.org/wiki/Security.