Security Enhanced Linux (SELinux), Chroot Jail, and Iptables

Three of the most important types of Linux security technologies are Security Enhanced Linux (SELinux), chroot jail, and iptables. These security measures aid in preventing theft and malicious activity. We will discuss these items in depth to address who created them and for what reason, how these technologies changed the operating system to enforce security, and the types of threats that these security systems are designed to eliminate.

Security Enhanced Linux was released in December of 2000 by the National Security Agency (NSA), under the GNU General Public License. SELinux is not a Linux distribution; it is a set of kernel modifications and tools that can be added to a variety of Linux distributions. SELinux is currently a part of Fedora Core, and it is supported by Red Hat. Incarnations of SELinux packages are also available for Debian, SUSE, and Gentoo.
Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate strong, flexible Mandatory Access Control (MAC).

The chroot system call was introduced during the development of Version 7 Unix in 1979, and added by Bill Joy on 18 March 1982, a year and a half before 4.2BSD was released, in order to test its installation and build system. A chroot on a UNIX-based operating system, like Linux, is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name or access files outside the designated directory tree.
On a web server, chroot is very useful for the security of shared hosting accounts. Without a chroot jail, a user with limited file permissions can navigate to the top-level directories. Although that user does not have permission to make changes, they can still look through those files and access information. Another important use of chroot is within virtual environments. In a Virtual Private Server, the user has a complete operating system within a chroot directory.
This user has root privileges for his or her own account, but cannot access higher directories or even be aware of their existence. Virtualization is also well suited to test environments, which can be set up in the chroot for software that might be too risky to deploy on a production system. Virtual environments are often used to deal with compatibility issues: legacy software, or software using a different interface, must sometimes be run in a chroot because its supporting libraries or files may otherwise clash with those of the host system. Chroot is also often used for recovery purposes. A chroot can be used to move back into a damaged environment after bootstrapping from an alternate root file system.

Iptables requires elevated privileges to operate: it must be run as the root user or it will not function.
On most Linux systems, iptables is installed as /usr/sbin/iptables and documented in its man page, which can be opened using man iptables. There is a set of user interface tools that can be used to manage your system’s security profile in a more user-friendly manner. These firewall management tools include Bastille and GUI tools like KDE’s Guarddog. There are also Linux distributions whose main purpose is to provide a GUI front end to iptables with a variety of configurations.
Iptables allows the system administrator to define tables containing chains of rules for the treatment of packets. Each table is associated with a different style of packet processing. Packets are processed by sequentially traversing the rules in chains. A rule in a chain can cause a goto or jump to another chain, and this can be repeated to whatever level of nesting is desired. Every network packet arriving at or leaving from the computer traverses at least one chain.
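The chain traversal described above can be modelled in a few lines. The following is an added example, not iptables code and not part of the original paper: the chain name ssh-in, the rules, the addresses and the packet fields are all constructed, and only the jump target (not goto) is modelled.

```python
# Constructed model of how one packet walks chains in the filter table.
from ipaddress import ip_address, ip_network

TERMINAL = {"ACCEPT", "DROP"}

# Each rule is (match, target). A target is a verdict, RETURN,
# or the name of another chain (a jump). All rules are constructed samples.
CHAINS = {
    "INPUT": [
        ({"state": "ESTABLISHED"}, "ACCEPT"),
        ({"proto": "tcp", "dport": 22}, "ssh-in"),  # jump to a user-defined chain
        ({"proto": "tcp", "dport": 80}, "ACCEPT"),
    ],
    "ssh-in": [
        ({"src": "10.0.0.0/8"}, "ACCEPT"),
        ({"src": "203.0.113.0/24"}, "DROP"),
        # falling off the end returns to the calling chain
    ],
}
POLICY = {"INPUT": "DROP"}  # only built-in chains have a default policy

def matches(match, pkt):
    """True when every field named in the rule matches the packet."""
    for key, want in match.items():
        if key == "src":
            if ip_address(pkt["src"]) not in ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def traverse(chain, pkt, trace, depth=0):
    """Walk rules in order; return a verdict, or None to resume in the caller."""
    if depth > 16:
        raise RuntimeError("jump loop between chains")
    for idx, (match, target) in enumerate(CHAINS[chain], 1):
        if not matches(match, pkt):
            continue
        trace.append(f"{chain}:{idx} -> {target}")
        if target in TERMINAL:
            return target
        if target == "RETURN":
            return None
        verdict = traverse(target, pkt, trace, depth + 1)
        if verdict is not None:
            return verdict  # otherwise continue with the next rule here
    return None

def filter_packet(pkt, chain="INPUT"):
    """Return (verdict, trace); the policy applies when no rule decides."""
    trace = []
    verdict = traverse(chain, pkt, trace)
    if verdict is None:
        verdict = POLICY[chain]
        trace.append(f"{chain}:policy -> {verdict}")
    return verdict, trace
```

The trace shows why rule order matters: an SSH packet from an address that neither ssh-in rule covers comes back to INPUT undecided and is dropped only by the default policy.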