LinuxQuestions.org
Old 10-24-2011, 10:16 AM   #1
Jadedkill
LQ Newbie
 
Registered: Oct 2010
Location: Missouri
Distribution: CentOS, Gentoo
Posts: 19

Rep: Reputation: 0
Disabling SELinux on CentOS domain controller


I was wondering why most of the guides for this disable the firewall on the intended server at the beginning of the setup. Some guides say it will only cause problems and others say it is too much work to configure so they just turn it off. Isn't this a huge security violation of good practices when securing your servers? Just want people's opinions on this and also what they feel it would take to properly configure a linux DC with the local firewall enabled.
 
Old 10-24-2011, 12:45 PM   #2
zootboy
Member
 
Registered: Nov 2008
Location: In a dumpster, with my laptop.
Distribution: Fedora
Posts: 124

Rep: Reputation: 25
I would like to point out that SELinux is not a firewall. SELinux is a system that acts like super-permissions; it watches what goes on within the OS and blocks potentially malicious activities. It's really more like a proactive anti-virus system, but that's not the best description.

Anyway, the reason a lot of people disable it is because it's kind of a bitch to get working correctly. In many circumstances, it will block perfectly legitimate actions, requiring the admin to fix permissions, rebuild rule sets, blah blah blah...

In my experience, it's a calculated risk. You really should leave it enabled, but it's not the end-all and be-all of security. If your server is public-facing, I would highly recommend just bearing down and getting it to work.

P.S. If you're looking for information on how to configure the real Linux firewall, look into iptables.
 
Old 10-24-2011, 12:51 PM   #3
Jadedkill
LQ Newbie
 
Registered: Oct 2010
Location: Missouri
Distribution: CentOS, Gentoo
Posts: 19

Original Poster
Rep: Reputation: 0
Thanks!

You are right about it not being the firewall. My terminology is off in my original statement. That makes sense now that you mention it being a monitoring system. Much like an HIDS (Host Intrusion Detection System) just without the administrator notification portion I guess. I had actually forgotten about iptables so it makes more sense now as to why people would set SELinux to disable it. Do you know of any documentation for configuring SELinux? I have run through the setup process before but am looking for other ideas as well.

 
Old 10-24-2011, 03:11 PM   #4
zootboy
Member
 
Registered: Nov 2008
Location: In a dumpster, with my laptop.
Distribution: Fedora
Posts: 124

Rep: Reputation: 25
A quick google search is all you need:
http://hackinglinux.blogspot.com/200...-tutorial.html
http://magazine.redhat.com/2007/08/2...policy-module/

But generally, I will put it into permissive mode and use auditd to see what needs policy mods. Once I implement those, I'll put it back into enforcing mode. Then you just have to monitor the audit log any time there's an issue. Things that often gave me trouble were PHP access to the filesystem and my non-standard HTML root directory.
 
1 members found this post helpful.
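
The permissive-mode workflow in post #4 comes down to reading AVC denials out of the audit log and deciding what each one needs. The following Python script is an added example, not code from the thread: it groups denials by source type, target type and object class so the needed policy changes can be reviewed in one place. The sample log lines, the `/web` path and the `GENERIC_LABELS` heuristic are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log AVC format (not taken from the thread).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1319478960.101:410): avc:  denied  { getattr } for  pid=2345 comm="httpd" path="/web/site/index.php" dev=dm-0 ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1319478960.102:411): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.php" dev=dm-0 ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1319478960.102:411): arch=c000003e syscall=2 success=yes exit=3 comm="httpd"
type=AVC msg=audit(1319479001.550:420): avc:  denied  { write } for  pid=2351 comm="php-cgi" name="uploads" dev=dm-0 ino=977 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption for this example: generic target labels that usually mean the
# file was never labelled for the service that is trying to use it.
GENERIC_LABELS = {"default_t", "file_t", "unlabeled_t"}

def parse_denial(line):
    """Return source/target type, class, perms and comm for one AVC denial, else None."""
    m = AVC_RE.search(line)
    if not line.startswith("type=AVC") or m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    try:
        # A context is user:role:type:level; the type is the third element.
        source, target = (fields[k].split(":")[2] for k in ("scontext", "tcontext"))
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    return {"source": source, "target": target, "tclass": tclass,
            "perms": set(m.group("perms").split()), "comm": fields.get("comm", "?")}

def summarize(log_text):
    """Group denials by (source type, target type, class), merging the permissions."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set(), "count": 0})
    for denial in filter(None, map(parse_denial, log_text.splitlines())):
        g = groups[(denial["source"], denial["target"], denial["tclass"])]
        g["perms"] |= denial["perms"]
        g["comms"].add(denial["comm"])
        g["count"] += 1
    return dict(groups)

def relabel_candidates(groups):
    """Groups whose target carries a generic label: relabel the files first."""
    return sorted(key for key in groups if key[1] in GENERIC_LABELS)

if __name__ == "__main__":
    for key, g in sorted(summarize(SAMPLE_AUDIT_LOG).items()):
        print(key, sorted(g["perms"]), sorted(g["comms"]), g["count"])
```

Groups returned by `relabel_candidates` are usually better fixed by giving the files the right type (`semanage fcontext` plus `restorecon`) than by a new allow rule, which is the common case for a non-standard web root.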
  

