Security and Compliance Tools

Uploaded by

Arnoldo Trujillo

Some security tools that relate to RHEL include:

Security-Enhanced Linux (SELinux)

OpenSCAP (for compliance scanning and remediation)

Application allowlisting

System-wide cryptographic policy management

Security-Enhanced Linux (SELinux)

To review, Security-Enhanced Linux (SELinux) is a security architecture for Linux
systems that allows administrators to have more control over who can access the
system.

SELinux defines access controls for the applications, processes, and files on a
system. It uses security policies, which are a set of rules that tell SELinux what
can or cannot be accessed, to enforce the access allowed by a policy.

With SELinux, RHEL users can do the following:

Apply a fine-grained level of control over files, processes, users, and applications

Customize per application or container

Help prevent inappropriate privilege escalations

Enforce data confidentiality and integrity, as well as protect processes from
untrusted inputs

Provide container separation and protection

OpenSCAP (for compliance scanning and remediation)

OpenSCAP assists administrators and auditors with assessment, measurement, and
enforcement of security baselines. OpenSCAP uses the Security Content Automation
Protocol (SCAP), a set of specifications maintained by the National Institute of
Standards and Technology (NIST). With OpenSCAP, RHEL users can:

Perform configuration and vulnerability scans on a local system to validate
compliance

Generate reports and configuration baselines

Automatically remediate systems that have been found in a noncompliant state

Application allowlisting

Application allowlisting (fapolicyd) helps RHEL users prevent unauthorized access.
With application allowlisting, users can:

Predetermine trusted programs authorized to run on a machine or network

Detect modified apps or prevent modified apps from running

Leverage predefined policy for most use cases

System-wide cryptographic policy management


Starting with RHEL 8, RHEL includes a set of system-wide cryptographic policies,
which can limit the need for application-specific policies and tuning.
Administrators can choose from a small set of predefined policies. These
cryptographic policies help RHEL users avoid security risks associated with
inconsistent or outdated cryptographic policies such as those related to legacy
features.

This set of policies is applied consistently to running services and is kept up to
date through software updates, to stay on par with cryptographic advances.

Additionally, the policy selected as the default is conservative, which
eliminates a class of threats by disabling legacy communications protocols such as
TLS 1.1 and earlier versions.
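
The following is an added example, not part of the original document: a shell check that reads the live state of three of the controls above (SELinux mode, the system-wide cryptographic policy, and the fapolicyd service) and classifies each one. The verdict labels and the --run switch are this example's own conventions; DEFAULT, LEGACY, FUTURE and FIPS are the predefined RHEL policy names, which the text above does not list.

```shell
#!/bin/sh
# Added example: verdict labels (OK/WEAK/REVIEW/UNKNOWN) are this script's own convention.

# Classify the SELinux mode string printed by `getenforce`.
selinux_verdict() {
    case "$1" in
        Enforcing)           echo OK ;;
        Permissive|Disabled) echo WEAK ;;      # policy is not being enforced
        *)                   echo UNKNOWN ;;
    esac
}

# Classify the policy name printed by `update-crypto-policies --show`.
# DEFAULT, LEGACY, FUTURE and FIPS are the predefined RHEL policies.
crypto_policy_verdict() {
    base=${1%%:*}                              # strip ":SUBPOLICY" modifiers
    case "$base" in
        DEFAULT|FUTURE|FIPS) verdict=OK ;;
        LEGACY)              verdict=WEAK ;;   # compatibility over security
        *)                   verdict=UNKNOWN ;;
    esac
    # A subpolicy modifier (e.g. DEFAULT:SHA1) alters the base policy: flag it.
    if [ "$verdict" = OK ] && [ "$base" != "$1" ]; then verdict=REVIEW; fi
    echo "$verdict"
}

# Classify the state printed by `systemctl is-active fapolicyd`.
fapolicyd_verdict() {
    case "$1" in
        active) echo OK ;;
        "")     echo UNKNOWN ;;                # systemctl not available
        *)      echo WEAK ;;                   # inactive, failed, ...
    esac
}

# Collect live values; a missing tool yields an empty string -> UNKNOWN.
posture_report() {
    mode=$(getenforce 2>/dev/null || true)
    policy=$(update-crypto-policies --show 2>/dev/null || true)
    svc=$(systemctl is-active fapolicyd 2>/dev/null || true)
    printf 'selinux        %-12s %s\n' "${mode:-?}"   "$(selinux_verdict "$mode")"
    printf 'crypto-policy  %-12s %s\n' "${policy:-?}" "$(crypto_policy_verdict "$policy")"
    printf 'fapolicyd      %-12s %s\n' "${svc:-?}"    "$(fapolicyd_verdict "$svc")"
}

# Run the live check only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then posture_report; fi
```

Run it with --run on the host being checked; a REVIEW verdict means the base policy is acceptable but a subpolicy modifier has changed what it allows.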
