How to create SELinux policy

SELinux is a security mechanism introduced in Linux as an extra security layer. There is a lot to say about SELinux, so I’m not going to discuss the main concepts behind it, such as labeling and targeting. In this article I’ll show you how to create a new SELinux policy (also known as a module) and install it on a machine.

You can check the SELinux status by typing getenforce without any parameters. You can then use the setenforce 0 command to switch it to permissive mode, or setenforce 1 to enforce it again.

All SELinux messages are logged in /var/log/audit/audit.log; you can inspect this file to determine which applications are blocked from interacting with the operating system. /var/log/messages is another location where you can find useful information about SELinux. As you will probably see, the log file contains a lot of information that is hard to read, so you can use the audit2allow -w -a command to display friendlier output. This command parses the audit.log file (the -a parameter) and then creates friendlier output (the -w parameter).

In the SELinux context these log messages are called AVC messages, so you will see that name everywhere in the audit log file.

You can view all accesses rejected by SELinux using the audit2allow -a command.

This command can also parse the log file and create a module that SELinux can import to allow the access. Execute audit2allow -a -M module_name to create a new SELinux module. I’ve named mine zabbixdiamond and placed it in my home directory. The command creates two files, one with a .pp extension and another with a .te extension:

audit2allow -a -M zabbixdiamond

You can view the content of the SELinux module by executing the cat zabbixdiamond.te command. The module contains all the rules that SELinux needs to allow this particular AVC.

All that’s left now is to install the module using the following command: semodule -i zabbixdiamond.pp. If you encounter an error saying that “global requirements are not met”, it means that SELinux already has a module with a similar name installed on the machine, so you’ll need to change its name.

In this case you will have to restart the procedure and create a new SELinux module with a different name. To check which modules are installed on the server, use semodule -l. You can extend this command to search for a particular SELinux module with semodule -l | grep zabbixdiamond. This also verifies that a SELinux module has been successfully loaded in the OS.

Run audit2allow -a again and see if the AVCs are now allowed in SELinux.
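
Because audit2allow -a turns every denial found in the audit log into an allow rule, it helps to see which domains those denials belong to before building the module. The script below is an added example, not part of the original article: it summarizes AVC denials and isolates those of one source domain, using constructed log lines and assumed type names (zabbix_agent_t, httpd_t).

```shell
#!/bin/sh
# Constructed sample of audit.log lines (types and values are illustrative).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1400000001.101:501): avc:  denied  { read } for  pid=2101 comm="zabbix_agentd" name="diamond.log" dev="dm-0" ino=1311 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1400000001.101:501): arch=c000003e syscall=2 success=no exit=-13 comm="zabbix_agentd"
type=AVC msg=audit(1400000002.202:502): avc:  denied  { read } for  pid=2101 comm="zabbix_agentd" name="diamond.log" dev="dm-0" ino=1311 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1400000003.303:503): avc:  denied  { name_connect } for  pid=3300 comm="httpd" dest=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:transproxy_port_t:s0 tclass=tcp_socket
EOF
}

# Summarize denials on stdin as: count source_type target_type:class { perms }
avc_summary() {
    awk '
    /type=AVC/ && /denied/ {
        perms = $0
        sub(/^[^{]*[{] */, "", perms)   # drop everything up to the opening brace
        sub(/ *[}].*$/, "", perms)      # drop the closing brace and the rest
        src = tgt = cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)      { split($i, c, ":"); src = c[3] }
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        seen[src " " tgt ":" cls " { " perms " }"]++
    }
    END { for (k in seen) print seen[k], k }' | LC_ALL=C sort -k2
}

# Print only the raw denials whose source domain (3rd scontext field) is $1.
avc_for_domain() {
    grep 'type=AVC' | grep 'denied' |
        grep -E "scontext=[^: ]*:[^: ]*:$1:"
}

sample_log | avc_summary
# The filtered lines can be fed to audit2allow on stdin instead of using -a:
#   avc_for_domain zabbix_agent_t < /var/log/audit/audit.log | audit2allow -M zabbixdiamond
```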

That’s about it for this article folks, hope it will serve you well in creating SELinux policies. Wish you all the best!

How to use Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer or MBSA is a tool that System Administrators may use to detect possible security vulnerabilities on their workstations. MBSA works closely with WSUS or SCOM servers to detect missing updates on Windows Desktop computers. You can use this tool to manually create a health report for each of your network’s devices. The tool offers a fast and reliable way to create system reports that can later be used to increase network security.
You can download the Microsoft Baseline Security Analyzer from Microsoft’s website. The tool is easy to install and configure: just double-click it and follow the wizard’s instructions. Once the software has been installed, open it to check out its interface.
MBSA offers two ways to scan your devices: scan a single computer using its name or IP address, or scan multiple computers using a domain name or a range of IP addresses. For this demonstration I will use the first method, so simply click on Scan a computer on the left side of the panel.
Simply type in the computer’s name or its IP address and set the security report name. From the Options section you can choose which checks will be performed on the specified machine. Once all options have been checked, simply press the Start Scan button.
The report offers an overview of installed updates on your workstations.
There are other tools that can be used to achieve similar results, but Microsoft Baseline Security Analyzer is fast and easy to use. That’s about it for this article folks, wish you all the best and stay tuned for the following articles.

Top Ten Antivirus of 2013

Antivirus is software that keeps your system protected from bugs, viruses and external attacks that can harm your system and affect its health. It is necessary to install an antivirus whenever you buy a system to maintain its good health.
A virus is very contagious for the health of your system. If you get a virus, you will end up with corrupted files all over your PC, which will lead to a corrupted Windows; you will eventually lose all your important data and will have to boot Windows again.
This will cost you not only your precious data, but money and time as well. So one should make it a rule of thumb to install a good antivirus as a source of protection for the system.
An antivirus automatically safeguards the system and protects it from external attacks. It automatically catches viruses and infected programs and traps them in its chest. It then asks you whether to release them or to kill them.
You can also make antivirus protection manual by disabling the automatic protection shield. In this scenario you will have to scan your system frequently yourself. It also gives you an option to scan specific programs and files saved on your system.
These are some common features of an antivirus. Almost all antivirus software works on these basic principles. However, developers add a few special features of their own, using their own thinking and creativity, making an antivirus more effective.
On the basis of performance, reviews, surveys and public opinion, the following antivirus products were rated the top ten antivirus software of 2013. These did the most business worldwide. However, the ranking keeps changing every time a software update is launched. Here is the list of the top ten antivirus software of 2013 so far.
  • Bitdefender Antivirus Plus
  • Kaspersky Antivirus
  • Norton Antivirus
  • F-Secure Antivirus
  • G Data Antivirus
  • BullGuard Antivirus
  • AVG Antivirus
  • Avast Antivirus Pro
  • Trend Micro Titanium Antivirus
  • VIPRE Antivirus
All of these are evaluated on the basis of protection, usability, features, and help and support. Each of them has the basic features of protection, scanning, etc., with some additional specialized features for usability, space, performance and others that make it best to use and a favorite among the public.
These rankings change from time to time as any antivirus gets updated and becomes better. There is a lot of competition in the world of software development. Antivirus is a necessity these days. It is in more demand than any other software.
Axen is a professional writer and also works as an online marketer. Currently he is working with Ibiza holiday.
Therefore, different companies and developers launch their antivirus software keeping in view the flaws of already successful software and the demands of the people, which they learn through online surveys, reviews and feedback. This lets them develop an optimized antivirus solution that beats the current top antivirus. In this way the competition continues, resulting in better software.