|
|
| (102 intermediate revisions by 19 users not shown) |
| Line 1: |
Line 1: |
| == Security ==
| | {{header|docs}}{{Docs_beat_open}} |
| | | [[Category:Docs Project]] |
| This section highlights various security items from Fedora.
| | [[Category:Draft documentation]] |
| | | [[Category:Documentation beats]] |
| === Security Enhancements ===
| |
| | |
| Fedora continues to improve its many proactive [http://fedoraproject.org/wiki/Security/Features security features] .
| |
| | |
| === SELinux Enhancements ===
| |
| Different roles are now available, to allow finer-grained access control:
| |
| * <code>guest_t</code> does not allow running setuid binaries, making network connections, or using a GUI.
| |
| * <code>xguest_t</code> disallows network access except for HTTP via a Web browser, and no setuid binaries.
| |
| * <code>user_t</code> is ideal for office users: prevents becoming root via setuid applications.
| |
| * <code>staff_t</code> is same as <code>user_t</code>, except that root access via <code>sudo</code> is allowed.
| |
| * <code>unconfined_t</code> provides full access, the same as when not using SELinux.
| |
| | |
| As well, browser plug-ins wrapped with <code>nspluginwrapper</code>, which is the default, now run confined.
| |
| | |
| === Security Audit Package ===
| |
| Sectool provides users with a tool that can check their systems for security issues. There are libraries included that allow for the customization of system tests. More information can be found at the [https://fedorahosted.org/sectool project home].
| |
| | |
| === General Information ===
| |
| | |
| A general introduction to the many proactive security features in Fedora, current status, and policies is available at http://fedoraproject.org/wiki/Security.
| |
| | |
| {{/SELinux}}
| |
| {{/FreeIPA}}
| |
