diff --git a/benchmarks/mandatory-access-control/5.2-ensure-SELInux-policy-is-configured.md b/benchmarks/mandatory-access-control/5.2-ensure-SELInux-policy-is-configured.md index ea1d651d712db4237d9a64ce19d8856371594ccf..3e6c8c9adf968d45506b31389a81fddd5cb8464a 100644 --- a/benchmarks/mandatory-access-control/5.2-ensure-SELInux-policy-is-configured.md +++ b/benchmarks/mandatory-access-control/5.2-ensure-SELInux-policy-is-configured.md @@ -22,6 +22,7 @@ SELINUXTYPE=mls ``` 如果您需要限制较少的策略,可在 /etc/selinux/config 文件中设置它们 + ## 扫描检测 1. 使用以下命令查看SELinux使用的默认策略: diff --git a/benchmarks/mandatory-access-control/5.6-use-selinux-for-separation-of-powers-user-created.md b/benchmarks/mandatory-access-control/5.6-use-selinux-for-separation-of-powers-user-created.md index 24bdaa2d92d725bcbe99145113af6a0abd1f329d..2d307dea7e8441b9a883d76a638f22c92a468c19 100644 --- a/benchmarks/mandatory-access-control/5.6-use-selinux-for-separation-of-powers-user-created.md +++ b/benchmarks/mandatory-access-control/5.6-use-selinux-for-separation-of-powers-user-created.md @@ -2,6 +2,7 @@ ## 安全等级 - Level 3 + ## 描述 > * 当前,Linux操作系统已广泛应用于各种设备和产品中,如服务器、PC机、机顶盒及路由器等。随着Linux系统的不断发展和广泛应用,Linux系统的安全问题也引起越来越多的关注。 diff --git a/benchmarks/mandatory-access-control/5.7-use-selinux-for-separation-of-powers-system-administrator-login-permission-configuration.md b/benchmarks/mandatory-access-control/5.7-use-selinux-for-separation-of-powers-system-administrator-login-permission-configuration.md index 133eea811d56061464a57008a185abdca292e317..4fd9dc061f6b87af56b09d47611e42f853180a38 100644 --- a/benchmarks/mandatory-access-control/5.7-use-selinux-for-separation-of-powers-system-administrator-login-permission-configuration.md +++ b/benchmarks/mandatory-access-control/5.7-use-selinux-for-separation-of-powers-system-administrator-login-permission-configuration.md @@ -2,6 +2,7 @@ ## 安全等级 - Level 4 + ## 描述 > * SELinux (security-enhanced Linux)是安全增强的Linux,以强制访问控制(mandatory access control, MAC)技术为基础,应用类型增强(type enforcement, TE)和基于角色访问控制(role-base access control, RBAC)两种安全策略模型。通过MAC技术可以实现对用户和进程权限的最小化,即使在系统受到攻击或者进程和用户的权限被剥夺的情况下,也不会对整个系统的安全造成重大影响。SELinux对访问的控制更彻底,它对系统中的所有文件、目录、端口资源的访问控制都基于一定的安全策略而设定。只有管理员才能定制安全策略,一般用户没有权限更改。因此SELinux为三权分离思想的实现奠定了基础。 diff --git a/tools/release/nameversion.json b/tools/release/nameversion.json index 6fc5a626d55501182ea723db6c4311f879a30780..3ff1b7cc26973bf5e02c0ce66e40e807fb07f31b 100644 --- a/tools/release/nameversion.json +++ b/tools/release/nameversion.json @@ -1,4 +1,4 @@ { - "title": "Anolis OS 8 Server Best Practice", + "title": "Anolis OS 8 Server Security Best Practices", "version": "1.0.0" }