SELinux allows you to define permissions to perform certain operations at the level of individual processes, users, groups, sockets, and so on by placing the calls of their control mechanisms on critical core locations.
This increases the requirements of the system on control mechanisms, but it is possible to prevent the program from performing a potentially dangerous action that can lead to increased privileges of the attacker. SELinux is not a Linux distribution, but a set of adjustments and modifications of the core of the system itself, including addition of user tools.
SELinux implements MAC as a complement to a classic DAC system that uses Unix systems. SELinux meets the TCSEC criteria for a trustworthy server.
SELinux enforces the security policy defined by administrator over all entities and objects in the system. This allows you to set up smoother access rights to data and prevent changes, whether intentional or unintentional. SELinux was developed by the NSA.
Suitable e.g. for banking institutions, academic servers, laboratories, corporate servers, and generally wherever maximum security is required.
The secure server package also includes:
- Above-standard Firewall with professional DOS / DDOS security and full administration.
- Data integrity tracking. Periodically, the whole file system or its parts are reviewed and file signatures are stored on an external non-rewritable medium. If the files are changed during the next review, an administrator intervention is needed to confirm / reject the reason.
- Log-management - Realtime logs analysis and their archiving for analysis. The logs can be used to see if there have been any changes or attempts to do so, and correspondingly respond.
- Advanced Monitoring - monitors the availability of services, but also registered users, running processes and several hundred other states.
- Access Control - an automatic system to block access in case of repeated attempts to illegitimate access.
- KVM virtualization (Kernel-based Virtual Machine)
- Guaranteed memory 18 GB RAM
- Guaranteed olace on physical disc, System + Data 200GB
- Guaranteed 4x CPU 2.6 GHz
- 4x IPv4 address, IPv6, rDNS
- Operation system RedHat nebo CentOS
- Unlimited Traffic
- IMAGE and data backups
- Without SSH access.
Due to the scope of server management, only an annual payment period is possible.