In recent years, the Linux operating system has developed rapidly thanks to its outstanding performance, stability, flexibility and extensibility, which stem from its open-source nature. More and more commercial products are adopting Linux as their software platform. Because Linux provides only the classical discretionary access control (DAC) of Unix and partial support for the capabilities security mechanism of the POSIX.1e draft, its further development and wider application are held back. The Linux security module (LSM) is a general framework for lightweight access control. LSM allows different security access control modules to be implemented as Linux loadable kernel modules, which greatly improves the flexibility and usability of the Linux security access control mechanism. This paper provides methods to enhance the security of the file system, process management, kernel protection and network system of Linux under the LSM framework, and offers a solution for multi-level security.

Linux is usually used as a network operating system on servers. With the increasingly wide use of the Internet, hackers are everywhere and network security faces more and more threats, so the security of the Linux network protocol stack becomes more and more important. IPSec is an IP-level security standard issued by the IETF, which aims to provide cryptography-based security for IPv4 and IPv6. IPSec handles packets with high-strength security at the IP layer, providing security services such as data origin authentication, connectionless data integrity, data confidentiality, replay protection and limited traffic flow confidentiality. Using the netfilter framework, this paper implements a relatively complete IPSec protocol on the IPv4 protocol stack.

A firewall is a group of security components placed between different networks (such as a trusted private network and an untrusted public network) or between different security areas. As the only passageway between different networks or between different security areas, the firewall enforces access control (accept, deny, monitor) on all information flowing through the networks with powerful anti-attack...