LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-29-2016, 10:31 PM   #1
linux-man
Member
 
Registered: Nov 2016
Distribution: zorin core on vm
Posts: 157

Rep: Reputation: Disabled
How to addon SELinux to Debian?


Where do I need to go to add on SELinux?
for Debian
 
Old 11-30-2016, 02:37 AM   #2
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,327

Rep: Reputation: 965Reputation: 965Reputation: 965Reputation: 965Reputation: 965Reputation: 965Reputation: 965Reputation: 965
You just install the policy and a few tools. Read the selinux man page. There is a flag file you create that tells linux to label the file system for selinux. You can control selinux with two boot parameters in the kernel line if grub: selinux=1,0 and enforcing=1,0; but it's 1 or 0. 1 means on and 0 means off.
 
Old 11-30-2016, 02:05 PM   #3
c0wb0y
Member
 
Registered: Jan 2012
Location: Inside the oven
Distribution: Windows
Posts: 417

Rep: Reputation: 74
As far as I know, SELinux is unsupported on current Debian stable. Perhaps it would be supported on next release?
 
Old 12-01-2016, 11:38 AM   #4
DavidMcCann
LQ Veteran
 
Registered: Jul 2006
Location: London
Distribution: CentOS, Xubuntu
Posts: 5,032

Rep: Reputation: 1659Reputation: 1659Reputation: 1659Reputation: 1659Reputation: 1659Reputation: 1659Reputation: 1659Reputation: 1659Reputation: 1659Reputation: 1659Reputation: 1659
SELinux is built into the kernel, so it is there in Debian: just disabled. This page has the links to instructions on how to set it up.
http://wiki.debian.org/SELinux

Note the warning that Debian doesn't do much testing of SELinux "so you might run into quite some issues". That sounds ominous! Do you really need SEL? That really is Linux for paranoids: it was developed for the use of government security agencies. Personally, I'd say that if you do need it for some mysterious reason, you should be running CentOS, where it's enabled by default.

The protection system used by Debian is AppArmor:
http://wiki.debian.org/AppArmor/HowToUse
This is considered to be easier, if not quite so powerful: see the Wikipedia articles on both systems.
 
Old 12-01-2016, 11:22 PM   #5
c0wb0y
Member
 
Registered: Jan 2012
Location: Inside the oven
Distribution: Windows
Posts: 417

Rep: Reputation: 74
Having SELinux support in the kernel is not enough. You got to need the tools, applications compiled against it and policies that makes SELinux usable to end users.
 
Old 12-24-2016, 01:54 AM   #6
dac.override
LQ Newbie
 
Registered: Oct 2016
Posts: 9

Rep: Reputation: Disabled
Using SELinux on Debian Stretch is great as Stretch provides the latests versions of the essential tools like SETools3, and the SELinux User Space utilities and libraries version 2.6. Not even Fedora Rawhide has these, so in that sense Debian has the advantage.

To complement the above I have created a policy model that, I would argue, is (close to) perfect for a community distribution such as Debian. The model provides a a solid base to build upon. By default it does not block much so if you do not actually use it, you probably wont even notice it is there. The purpose is to lower the barrier of entrance though. Meaning, You can have SELinux enabled and at your disposal, but not use it or use it at your own pace to address your own security challenges. It makes it accessible. You can compare it to the default iptables config in Debian where your tables are empty but set to allow by default. Unless you are aware of iptables you will not notice its presence, however it is there and ready to be used.

The only thing one really hs to do is to learn what security challenges SELinux helps to address, Learn how SELinux helps to address the aforementioned access control challenges, and learn how to speak to, and listen to SELinux.

Here is a blog post with instructions and demo videos:

https://doverride.blogspot.nl/2016/1...h-my-name.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Debian Squeeze: Cannot have Flashgot Iceweasel addon detecting media streams Windows Or Linux Linux - Newbie 5 01-17-2012 01:59 PM
Implementing SeLinux on Debian 5 (Lenny) -- can't install "selinux-basics" bashFUL Linux - Security 3 10-17-2011 01:16 AM
Tomboy/ Glib -related SELinux problem? on Debian Squeeze spoovy Linux - Security 2 09-06-2010 04:38 AM
[SOLVED] Debian and SELinux Vijay Kadam Linux - Newbie 1 09-03-2010 04:08 PM
SELinux on Debian blocks dhcp, 3D Lord Estraven Linux - Software 9 10-08-2008 04:28 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration