Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
|
View Poll Results: For you, what state is selinux in?
|
|
Enforcing
|
   
|
6 |
26.09% |
|
Permissive
|
  
|
2 |
8.70% |
|
Disabled
|
  
|
5 |
21.74% |
|
Not even installed
|
  
|
10 |
43.48% |
 |
09-30-2011, 01:59 PM
|
#1
|
|
LQ Newbie
Registered: Mar 2004
Posts: 17
Rep: 
|
selinux opinion poll
If you use a linux distro which includes selinux by default, do you keep it Enforcing or Disabled?
I wonder how popular it is.
|
|
|
|
|
Click here to see the post LQ members have rated as the most helpful post in this thread.
|
|
09-30-2011, 02:18 PM
|
#2
|
|
Senior Member
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,046
|
The systems I have are currently using Apparmor instead. For the most part, I have followed the default profiles and tweaked them to correct the errors associated with having applications, like Bind access db directories in places like /var.
|
|
|
|
|
09-30-2011, 06:31 PM
|
#3
|
|
Moderator
Registered: May 2001
Posts: 24,805
|
Where available it'll be in enforcing mode. If the default targeted policy needs adjusting I'll create a local policy. If a networked daemon doesn't have a policy I'll create one. *Beware of vendor product documentation and stale tutorials on the 'net that advocate turning SELinux off completely as often that'll be based on deeply rooted misconceptions, sheer laziness, lack of knowledge or older versions of the current SELinux policies. SELinux has come a long way and management is significantly easier these days. **Phoronix recently tested SELinux performance and albeit on Fedora 15 and apart from HTTP serving the impact on performance was negligible.
|
|
|
3 members found this post helpful.
|
|
10-01-2011, 12:25 AM
|
#4
|
|
Guru
Registered: Aug 2005
Posts: 9,533
|
I would just LOVE to see a supported ( well supported) se policy set on SUES
i installed SELinux on OpenSUSE 11.3
got it working BUT without the full support that fedora has it was a pain in the BLEEP ........
there were NO set polices i had to make EVERY single one of them and update EVERY one every time something was updated
and manually build the kernel for the updates .
but i would link to see more support for SElinux on SUSE
Last edited by John VV; 10-01-2011 at 12:26 AM.
|
|
|
|
|
10-01-2011, 09:02 AM
|
#5
|
|
Member
Registered: Aug 2011
Distribution: Slackware
Posts: 238
Rep:
|
I prefer GRsecurity to SElinux, as it seems easier and less a maintenance burden to me. GRsecurity's configurations is easy to understand and manage, at least. In addition, this tool includes PAX features.
It may be worth saying that I don't use it for important tasks.
|
|
|
|
|
10-04-2011, 08:25 PM
|
#6
|
|
Member
Registered: Jan 2006
Location: USA
Posts: 460
Rep:
|
from my experience i see lots of admin folks shying away from SElinux because they do not understand the MAC model. i cant really answer the poll because i am a security consultant, not a sysadmin. most of my work is hand-off in nature so we take special precautions to do things that the ops/sysadmins teams feel comfortable with, etc.
Last edited by Linux_Kidd; 10-04-2011 at 08:31 PM.
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 11:01 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
