SELinux - common facts
What do you think about SELinux?
Does it really mean a big increase in term of security? I would like to upgrade from rhel3 to rhel4 and I don't know if SELinux represents a big deal concerning security or it only creates the sensation of security. What do you think? ddaas |
The default SELinux config in Fedora (and AFAIK in RHL4) is really only a partial implementation of the original SELinux architecture. Currently only a certain number of daemons are using SELinux with a "targeted security policy". Overtime I imagine we'll see a more system-wide implementation. Right now it act as a nice additional layer of security, but I would certainly still advise hardening your system with measures outside of SELinux (I don't ever see it as a total replacement). It will be interesting to see if the LSM module and the kernel hooks themselves become targets in the next step of the "arms race". Along those lines, I'd recommend reading the brief commentary on LSM at the grsecurity site for an alternate perspective.
|
I've read about LSM at grsecurity and they don't consider it good.
What do you think? Are they right? Which do you think is better grsecurity or selinux? I was a litle bit impressed about Quote:
If no one did it untill now that means that SELinux is real good. But as you say: Quote:
|
All times are GMT -5. The time now is 05:39 PM. |