WEBVTT

00:01.380 --> 00:05.070
There are three modes of operation for SC Linux.

00:05.070 --> 00:09.300
The first is disabled in this mode.

00:09.510 --> 00:18.300
SC Linux isn't running at all which means the default discretionary access controls are the only mechanism

00:18.300 --> 00:21.930
to secure the operating system.

00:21.930 --> 00:25.930
The next mode is permissive in this mode.

00:26.080 --> 00:37.780
SC Linux is turned on and run in policy but the policy is not being enforced here.

00:37.900 --> 00:46.230
I see Linux simply observes everything that's going on and logs policy violations.

00:46.260 --> 00:54.540
This mode is very useful if you've got the new application that you need to test on your server and

00:54.540 --> 01:01.290
you're not exactly sure how as C Linux will affect said application.

01:01.290 --> 01:07.950
So what do you do in this case you go ahead and install the application and then you can investigate

01:08.010 --> 01:13.640
the log files for policy violations in this mode.

01:13.680 --> 01:19.290
All objects get leave built with a C Linux security contexts just the same.

01:21.410 --> 01:24.250
The final mode is enforcement.

01:24.530 --> 01:31.760
This is the only mode in which I see Linux actually truly protects the operating system.