LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

View Poll Results: For you, what state is selinux in?
Enforcing 6 26.09%
Permissive 2 8.70%
Disabled 5 21.74%
Not even installed 10 43.48%
Voters: 23. You may not vote on this poll

Reply
 
Search this Thread
Old 09-30-2011, 01:59 PM   #1
sam42
LQ Newbie
 
Registered: Mar 2004
Posts: 19

Rep: Reputation: 3
selinux opinion poll


If you use a linux distro which includes selinux by default, do you keep it Enforcing or Disabled?

I wonder how popular it is.
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 09-30-2011, 02:18 PM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
The systems I have are currently using Apparmor instead. For the most part, I have followed the default profiles and tweaked them to correct the errors associated with having applications, like Bind access db directories in places like /var.
 
Old 09-30-2011, 06:31 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,944
Blog Entries: 54

Rep: Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731
Where available it'll be in enforcing mode. If the default targeted policy needs adjusting I'll create a local policy. If a networked daemon doesn't have a policy I'll create one. *Beware of vendor product documentation and stale tutorials on the 'net that advocate turning SELinux off completely as often that'll be based on deeply rooted misconceptions, sheer laziness, lack of knowledge or older versions of the current SELinux policies. SELinux has come a long way and management is significantly easier these days. **Phoronix recently tested SELinux performance and albeit on Fedora 15 and apart from HTTP serving the impact on performance was negligible.
 
3 members found this post helpful.
Old 10-01-2011, 12:25 AM   #4
John VV
Guru
 
Registered: Aug 2005
Posts: 12,597

Rep: Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677
I would just LOVE to see a supported ( well supported) se policy set on SUES

i installed SELinux on OpenSUSE 11.3
got it working BUT without the full support that fedora has it was a pain in the BLEEP ........
there were NO set polices i had to make EVERY single one of them and update EVERY one every time something was updated
and manually build the kernel for the updates .
but i would link to see more support for SElinux on SUSE

Last edited by John VV; 10-01-2011 at 12:26 AM.
 
Old 10-01-2011, 09:02 AM   #5
BlackRider
Member
 
Registered: Aug 2011
Distribution: Slackware
Posts: 261

Rep: Reputation: 82
I prefer GRsecurity to SElinux, as it seems easier and less a maintenance burden to me. GRsecurity's configurations is easy to understand and manage, at least. In addition, this tool includes PAX features.

It may be worth saying that I don't use it for important tasks.
 
Old 10-04-2011, 08:25 PM   #6
Linux_Kidd
Member
 
Registered: Jan 2006
Location: USA
Posts: 514

Rep: Reputation: 51
from my experience i see lots of admin folks shying away from SElinux because they do not understand the MAC model. i cant really answer the poll because i am a security consultant, not a sysadmin. most of my work is hand-off in nature so we take special precautions to do things that the ops/sysadmins teams feel comfortable with, etc.

Last edited by Linux_Kidd; 10-04-2011 at 08:31 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SELinux errors, SELinux and wine ziphem Linux - Security 10 01-27-2011 04:15 PM
Selinux-how do i find out what domains have permissions on what type?(selinux policy) vishyc88 Linux - Security 2 11-22-2010 04:27 AM
"../system.h :selinux/selinux.h:no such file or directory" ashmita04 Linux From Scratch 4 02-05-2009 03:36 AM
Poll: (Without the poll) - How is Linux used in your workplace? SlowCoder General 13 09-11-2007 11:03 PM
General Opinion Poll On SUSE 10.1 peter_89 Suse/Novell 61 10-02-2006 10:08 AM


All times are GMT -5. The time now is 09:28 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration