Hello,

We have installed RHEL 5.4 on our servers and everything is running fine. Now I have gone through various server hardening checklist and most of them suggest to enable SELinux. We have several services running on Linux box. Now my question is, do we have to make any chagnes to the existing configurations if we enable SELinux. Or we just enable SELinux and leave it as it is. Because I have had prior experiences where SElinux will stop many services and restrict access to many libraries when enabled.

Thanks in Advance.

While running earlier incarnations of SELinux indeed would have been harder I'd say in general not so hard as to make using it impossible as you could always have extended your local policy. The easiest start IMHO would have been to run RHEL 5U5, as it is the current version with all kernel, policy, userland fixes included, and SELinux enabled right from the start, as that would keep things in sync and help you catch exceptions earlier. If this machine is in production you might want to use a staging or virtual machine instead, enable SELinux in permissive mode, restore contexts and watch your messages and audit logs for problems.