Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
The systems I have are currently using Apparmor instead. For the most part, I have followed the default profiles and tweaked them to correct the errors associated with having applications, like Bind access db directories in places like /var.
Where available it'll be in enforcing mode. If the default targeted policy needs adjusting I'll create a local policy. If a networked daemon doesn't have a policy I'll create one. *Beware of vendor product documentation and stale tutorials on the 'net that advocate turning SELinux off completely as often that'll be based on deeply rooted misconceptions, sheer laziness, lack of knowledge or older versions of the current SELinux policies. SELinux has come a long way and management is significantly easier these days. **Phoronix recently tested SELinux performance and albeit on Fedora 15 and apart from HTTP serving the impact on performance was negligible.
I would just LOVE to see a supported ( well supported) se policy set on SUES
i installed SELinux on OpenSUSE 11.3
got it working BUT without the full support that fedora has it was a pain in the BLEEP ........
there were NO set polices i had to make EVERY single one of them and update EVERY one every time something was updated
and manually build the kernel for the updates .
but i would link to see more support for SElinux on SUSE
I prefer GRsecurity to SElinux, as it seems easier and less a maintenance burden to me. GRsecurity's configurations is easy to understand and manage, at least. In addition, this tool includes PAX features.
It may be worth saying that I don't use it for important tasks.
from my experience i see lots of admin folks shying away from SElinux because they do not understand the MAC model. i cant really answer the poll because i am a security consultant, not a sysadmin. most of my work is hand-off in nature so we take special precautions to do things that the ops/sysadmins teams feel comfortable with, etc.
Last edited by Linux_Kidd; 10-04-2011 at 09:31 PM.