SELinux security software

Application

SELinux is an extension for Linux-based operating systems that implements Mandatory Access Control (MAC). The security software protects the system against the execution of unauthorized processes or functions (such as viruses and other malicious software).

The machine manufacturer defines the SELinux settings in the Security Policy Configuration window.

Description of function

To navigate to this function:

Settings > Operating System > SELinux

By default, SELinux access control is implemented as follows:

  • The control executes only programs that are installed with the HEIDENHAIN NC software.
  • Safety-relevant files, such as SELinux system files or HEROS boot files, may only be modified using explicitly selected programs.
  • New files created by other programs may not be run.
  • USB data carriers can be deselected.
  • Only two processes can run new files:
    • Software update: A software update from HEIDENHAIN can replace or modify system files.
    • SELinux configuration: The configuration of SELinux in the Security Policy Configuration window is usually protected by a password defined by the machine manufacturer. Please refer to the machine manual.
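
The following added example is not part of the HEIDENHAIN documentation. It shows how blocked executions and blocked file modifications like those listed above appear as AVC denials in a standard Linux audit log, and how to separate enforced denials from ones that were only logged. The log lines and SELinux type names are constructed, and access to the control's audit log is an assumption not stated on this page.

```python
import re

# Constructed audit records in the standard Linux AVC format. The type names
# (user_shell_t, usb_file_t, ...) are invented, not taken from the HEROS policy.
SAMPLE_LOG = """\
type=AVC msg=audit(1700000001.100:201): avc:  denied  { execute } for  pid=4121 comm="sh" name="tool.bin" dev="sdb1" ino=77 scontext=system_u:system_r:user_shell_t:s0 tcontext=system_u:object_r:usb_file_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000002.250:202): avc:  denied  { write } for  pid=4130 comm="editor" name="policy.conf" dev="sda2" ino=912 scontext=system_u:system_r:nc_app_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000002.250:202): arch=c000003e syscall=2 success=no exit=-13
type=AVC msg=audit(1700000003.900:203): avc:  denied  { execute } for  pid=4177 comm="sh" name="new_script" dev="sda3" ino=1501 scontext=system_u:system_r:user_shell_t:s0 tcontext=system_u:object_r:user_data_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000004.000:204): avc:  granted  { execute } for  pid=4200 comm="update" name="nc_core" dev="sda2" ino=300 scontext=system_u:system_r:sw_update_t:s0 tcontext=system_u:object_r:nc_exec_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): "
    r"avc:\s+(?P<result>denied|granted)\s+\{ (?P<perms>[^}]*)\} for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

EXEC_PERMS = {"execute", "execute_no_trans"}
MODIFY_PERMS = {"write", "append", "unlink", "rename", "setattr"}


def parse_avc(line):
    """Parse one AVC record into a dict, or return None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m["rest"])}
    rec.update(serial=int(m["serial"]), result=m["result"],
               perms=set(m["perms"].split()))
    # permissive=1 means the access was logged but still allowed.
    # Records without the field (older kernels) are treated as enforced.
    rec["enforced"] = (rec["result"] == "denied"
                       and rec.get("permissive", "0") == "0")
    return rec


def blocked(log, perms, tclass="file"):
    """Return enforced denials of any permission in `perms` on `tclass` objects."""
    records = (parse_avc(line) for line in log.splitlines())
    return [r for r in records
            if r and r["enforced"] and r.get("tclass") == tclass and r["perms"] & perms]


if __name__ == "__main__":
    for r in blocked(SAMPLE_LOG, EXEC_PERMS | MODIFY_PERMS):
        print(r["serial"], sorted(r["perms"]), r["comm"], "->", r["name"], r["tcontext"])
```

Record 203 is skipped on purpose: with `permissive=1` the denial was logged but the file was still allowed to run, so it is not a block.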

Note

HEIDENHAIN recommends using SELinux as additional protection against attacks from outside the network.

Definition

Abbreviation | Definition
MAC (mandatory access control) | MAC means that the control performs only explicitly permitted actions. SELinux is intended as protection in addition to the normal access restriction in Linux. Certain processes and actions can be performed only if the standard functions and access control of SELinux permit it.