Using SELinux to Prevent Rootkits
Implementing Security-Enhanced Linux - often referred to as SELinux - is a great way to increase the control you have over access to your system, helping to prevent rootkits and other types of malware from being installed by a malicious actor who has gained administrative access to your system. SELinux is a highly fine-grained mandatory access control (MAC) system that is capable of restricting access to resources on the system beyond what traditional discretionary access control (DAC) methods such as file permissions or access control lists (ACLs) can achieve. For example, there is no reason that a web browser should require access to an SSH key, so in SELinux this information simply wouldn’t be provided to the web browser.
SELinux has now been adopted by various Linux distributions including Fedora, Debian and Ubuntu. Despite the fact that SELinux is very technical and can be difficult to use, the increasingly popular security architecture offers significant benefits for system administrators and users willing to endure the learning curve.