LHQG is proud to announce the release of a set of SELinux policy modules aimed at protecting and confining processes and data of NoSQL Cassandra databases hosted on Linux servers.
These SELinux modules target organizations using the community version of the Cassandra database as well as organizations running the DataStax Enterprise (DSE) version including the OpsCenter management and monitoring solution.
The SELinux security policy our modules implement enforces the segregation of duties between tasks assigned to the system engineering and administration roles and tasks assigned to database administration and operation roles.
Each role is granted just the needed set of permissions required for its duty.
In the DSE version of Cassandra, potentially disruptive functions of the DataStax agent and of the OpsCenter are confined so that to align with the security requirements of sensitive/critical production platforms.
Configuration is protected from unplanned/unwanted changes, sensitive files remain undisclosed to unauthorized viewers, database files are kept protected from illicit accesses, backups are kept safe, log files are protected from suspicious deletion and unlicensed reads, processes and services can only be manipulated by authorized roles...
Our proposition:
- LHQG SELinux modules are distributed as RPM packages for Entreprise Linux distributions (RHEL, CentOS, Rocky, AlmaLinux,...) and also as DEB packages for Debian and Ubuntu.
- We propose maintenance options for both evolution and correction on our SELinux modules.
- We also propose integration and adaptation services to suit the specific needs of your organization.