New tool eases SELinux policy setup

* Treysys Brickwall Security Suite

A new tool is available for Linux administrators interested in Security Enhanced Linux, but hesitant to deploy the technology due to its complexity. The software is Treysys Brickwall Security Suite, developed by Treysys, a Linux security software company specializing in SELinux development.

The Brickwall product provides a console-based management interface for creating and installing security policies and rules with SELinux. SELinux, first developed by the National Security Agency, is not a Linux distribution but a security overlay on an existing Linux distribution such as Red Hat Enterprise Linux 4 (RHEL4). SELinux allows users to create policies that limit what applications running on a machine can do, or which users can access certain applications or operating system components.

The problem with SELinux, some developers say, is that learning how to implement the technology is difficult. Writing policies for SELinux can be tricky, and it's easy to misconfigure an SELinux policy, which could inadvertently cause applications or services to become unavailable.

Brickwall gives users a graphical tool to define network access settings for specific applications on a Linux server, with built-in logic that makes the policies safe to implement, the software developers say. Linux system file protection policies and safeguards can also be set up through the software.

Treysys is offering three editions of Brickwall: Standard, Professional and Enterprise. Each is geared to work with RHEL4, which comes with SELinux support. The Standard Edition of Brickwall is a free download, and can be used on a single system, providing basic application-layer firewalling. Professional ($250) adds file access safeguards and more customizable policies. The Professional Edition ($5,000 for 10 licenses) allows users to create groups of RHEL4 servers, or profiles, and apply SELinux on a large scale. Remote management of SELinux policies is also possible with the Professional version.

Copyright © 2007 IDG Communications, Inc.