SELinux security software
Application
SELinux is an extension for Linux-based operating systems in the sense of Mandatory Access Control (MAC). The security software protects the system against the execution of unauthorized processes or functions (such as viruses and other malicious software).
The machine manufacturer defines the SELinux settings in the Security Policy Configuration window.
Related topics
- Security settings with firewall
Description of function
To navigate to this function:
Settings Operating System SELinux
By default, SELinux access control is implemented as follows:
- The control executes only programs that are installed with the HEIDENHAIN NC software.
- Safety-relevant files, such as SELinux system files or HEROS boot files, may only be modified using explicitly selected programs.
- New files created by other programs may not be run.
- USB data carriers can be deselected.
- Only two processes can run new files:
- Software update: A software update from HEIDENHAIN can replace or modify system files.
- SELinux configuration: The configuration of SELinux in the Security Policy Configuration window is usually protected by a password defined by the machine manufacturer. Please refer to the machine manual.
Note
HEIDENHAIN recommends using SELinux as additional protection against attacks from outside the network.
Definition
Abbreviation | Definition |
---|---|
MAC (mandatory access control) | MAC means that the control performs only explicitly permitted actions. SELinux is intended as protection in addition to the normal access restriction in Linux. Certain processes and actions can be performed only if the standard functions and access control of SELinux permit it. |