SELinux was developed by the United States National Security Agency. It was then released for open source development on December 22, 2000, and was merged into the main Linux kernel version 2.6.0-test3 on August 8, 2003. SELinux was designed to change the access control protocols for Linux users, making them more secure and making computer resources and applications less likely to be exploited.
Prior to the development of SELinux, systems used a form of DAC (Discretionary Access Control). This setup placed all clients into three categories: user, group, and other. If an application or file were "exploited," it would allow the current user to access the file(s) or application at the ...
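The user/group/other check described above, modeled for regular files as an added example that is not part of the original essay. The file names, UIDs and GIDs are constructed sample values, and the function names are chosen here for illustration.

```python
# Model of the Linux DAC check for regular files (added example, constructed data).
_SHIFT = {"user": 6, "group": 3, "other": 0}
_BITS = {"r": 4, "w": 2, "x": 1}


def dac_class(file_uid, file_gid, proc_uid, proc_gids):
    """Return the one class whose bits apply; the first match wins."""
    if proc_uid == file_uid:
        return "user"
    if file_gid in proc_gids:
        return "group"
    return "other"


def dac_allows(mode, file_uid, file_gid, proc_uid, proc_gids, want):
    """True if every access letter in `want` ("r", "w", "x") is granted."""
    if proc_uid == 0:
        # root bypasses read/write checks; executing a regular file
        # still needs at least one execute bit to be set.
        return "x" not in want or bool(mode & 0o111)
    cls = dac_class(file_uid, file_gid, proc_uid, proc_gids)
    granted = (mode >> _SHIFT[cls]) & 0o7
    return all(granted & _BITS[a] for a in want)


# Constructed sample files: name -> (mode, owner uid, owner gid)
FILES = {
    "/home/alice/.ssh/id_ed25519": (0o600, 1000, 1000),
    "/home/alice/notes.txt": (0o644, 1000, 1000),
    "/home/bob/report.txt": (0o640, 1001, 2000),
    "/etc/shadow": (0o640, 0, 42),
    "/tmp/odd": (0o077, 1000, 1000),  # owner has no bits, everyone else has all
}


def readable_by(proc_uid, proc_gids):
    """Every sample file a process with these credentials may read."""
    return sorted(name for name, (mode, uid, gid) in FILES.items()
                  if dac_allows(mode, uid, gid, proc_uid, proc_gids, "r"))


if __name__ == "__main__":
    # The check never asks which program is running, only which uid/gids it
    # holds, so any process started by alice gets this same list.
    print("alice (uid 1000, groups 1000, 2000):", readable_by(1000, {1000, 2000}))
    print("carol (uid 1002, group 1002):", readable_by(1002, {1002}))
```

Because the decision depends only on the process's UID and group list, every program alice runs can read her private key; the `/tmp/odd` entry shows that the owner class is checked first even when it grants less than "other".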
The chroot jail was introduced in Version 7 Unix in 1979. It is a very simple tool that can be used to keep users from accessing any files they shouldn't be accessing, namely anything accessible only to root.
It does this by, essentially, partitioning off the directories that the specific user needs to access. To the user, their /user directory would appear as the / directory. They wouldn't be allowed to access, or even see, anything higher than that. This stops users from getting into other users', or even the server's, file system. Without such tools, people could access anything and everything they wanted to on the network.
Another important tool that comes along with chroot jail is virtualization. This can be done using a VPS (Virtual Private Server), where the user has access to an entire operating system installed within their chroot directory.
While this tool is great at keeping out most unwanted access, it is still susceptible to deliberate attempts to gain access to root. It does, however, make it that much more difficult for those not allowed to exploit the network server.
This upgrade to the ipchains firewall/NAT package was created by Netfilter to correct the package's faults. The iptables firewall package added increased filtering and inspection processes, better integration with the Linux kernel, better network address translation, system logging, and rate limiting.
One of the biggest upgrades to the ipchains...