Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy





The Linux kernel supports different security models by providing hooks and letting you build in your choice of model. At the moment, only a few models come with the default kernel source tree, but developers of new models are working on getting more accepted.

Default Linux Capabilities

The standard type of security model for Linux is the "capability" model. You should always select this option unless you really want to run an insecure kernel for some reason.

To enable it:

Security options
    [*] Enable different security models
    [*]   Default Linux Capabilities


A very popular security model is called SELinux. This model is supported by a number of different Linux distributions.

SELinux requires that the networking option be enabled. See the section called “Networking” to enable this.

SELinux also requires that audit be enabled in the kernel configuration. To do this:

General setup
    [*] Auditing support

Also, the networking security option must be enabled:

Security options
    [*] Enable different security models
    [*]   Socket and Networking Security Hooks

Now it is possible to select the SELinux option:

Security options
    [*] Enable different security models
    [*] NSA SELinux Support

There are also a number of individual SELinux options that you might wish to enable. Please see the help for the individual different items for more descriptions on what they do in.

Security options
    [*] Enable different security models
    [*] NSA SELinux Support
    [ ]   NSA SELinux boot parameter
    [ ]   NSA SELinux runtime disable
    [*]   NSA SELinux Development Support
    [*]   NSA SELinux AVC Statistics
    (1)   NSA SELinux checkreqprot default value

  Published under the terms of the Creative Commons License Design by Interspire