LSM

Definition

Linux Security Modules (LSM) is a framework that allows the Linux kernel to support a variety of computer security models. It provides a mechanism for enforcing access control policies that limit the capabilities of processes and users. LSM enables the integration of different security modules, such as SELinux, AppArmor, and Smack, to enhance the security posture of a Linux system by implementing mandatory access controls (MAC).

Secure Settings Example

# Switch SELinux to enforcing mode at runtime (lasts until the next reboot)
sudo setenforce 1

# Persist enforcing mode across reboots; edit only the SELINUX= line so that
# other settings in the file (such as SELINUXTYPE=) are kept
sudo sed -i 's/^SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config

Insecure Settings Example

# Switch SELinux to permissive mode at runtime: policy violations are logged
# but no longer blocked, leaving the system vulnerable to unauthorized access
sudo setenforce 0

# Persist permissive mode across reboots, which logs actions but does not enforce policies
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
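
A check for the two settings shown above, as an added example that is not part of the original page: it compares the runtime mode reported by getenforce with the SELINUX= value in /etc/selinux/config. The function names and the rule that every SELINUX= line must read enforcing are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm SELinux is enforcing both at runtime and in the
# persistent configuration, so the two cannot drift apart unnoticed.

# Print every uncommented SELINUX= value in config file $1, lowercased, one per line.
# SELINUXTYPE= lines do not match because '=' must directly follow "SELINUX".
selinux_config_values() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$1" 2>/dev/null |
        tr '[:upper:]' '[:lower:]'
}

# audit_selinux RUNTIME_MODE CONFIG_FILE
# RUNTIME_MODE is the string printed by getenforce (Enforcing/Permissive/Disabled).
# Prints one verdict line; returns 0 only when runtime and config both enforce.
audit_selinux() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    values=$(selinux_config_values "$2")
    if [ -z "$values" ]; then
        echo "FAIL: no SELINUX= setting found in $2"; return 1
    fi
    # Conservative rule (assumption of this example): every SELINUX= line must
    # say enforcing, so a stray duplicate line cannot weaken the setting.
    for v in $values; do
        if [ "$v" != enforcing ]; then
            echo "FAIL: config sets SELINUX=$v (runtime: $runtime)"; return 1
        fi
    done
    if [ "$runtime" != enforcing ]; then
        echo "FAIL: runtime mode is $runtime although config says enforcing"; return 1
    fi
    echo "OK: enforcing at runtime and in config"
}

# On a host with the SELinux tools installed, audit the live system.
if command -v getenforce >/dev/null 2>&1; then
    audit_selinux "$(getenforce)" /etc/selinux/config || echo "SELinux audit failed" >&2
fi
```
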