Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
For some time now, I usually just disable selinux on my machines that I setup (redhat / centos / fedora). Mainly due to the fact that it gets in my ways of other programs, and I don't know how to work any of it.
I'd like to learn it, especially if it's worthwhile in making things more secure, but I have no idea where to get started with this.
If it's worthwhile what are some good resources so I can start looking at actually using this?
well selinux is a highley secure incryptic system built for government use. but it is also used on like other free distros. you loaded it so now you will have to unistall to get rid of it . It is a adon to your regular systm and is embeded now sorry for the lack of info.
I used to disable it in suse 9.something... possibly even 10.0. I thought the configuration program that came with fedora was simple enough to use, and the pre-configuration was sensible, so I kept it on. If you are behind a firewall and keep to the official repositories... or you don't have any data on the pc that needs securing, I think you can turn it off without worries.
So did I with out much of a newbie beginners guide who doesn't really know what selinux is about.
I was hoping for a place that someone already knew that had great info, where I can hit the ground running.
I have never used SELinux, and some of the links I saw appear good enough for a beginner to understand and follow along. sometimes a good effort is enough to get you started.
I found the book, SELinux: NSA's Open Source Security Enhanced Linux by Bill McCarty, to be very useful.
+1
I won't pretend to be a selinux expert, but I read through this book and found it to be quite thorough. If my job depended on me learning selinux well, I believe this book would be among the more valuable resources. (Even if your head does hurt after reading it.)
I'd like to learn it, especially if it's worthwhile in making things more secure
Turning things around (and while I do like GRSecurity for its strengths) I could argue there is no realistic equivalent in the GNU/Linux world that is maintained and supported like this, gains adaptation and helps distributions get EAL certified. Yes, it is worthwhile enabling. Whats more is that everyone enabling it can help make it better just by running it and adding tickets to the bug tracker when modifying the local policy doesn't make things work. Also, unlike other solutions you get the upstream rulesets so you don't have to build them from scratch (unless you need MLS or like that) to work with SELinux, there's lotsa tools for policy makers and if you use RHEL, CentOS or Fedora the documentation on the RH and Fedora sites should help you get going in no time. Next to that I'd like to plug Prentice Hall's "SELinux by example", definately readable.
Quote:
Originally Posted by Drakeo
well selinux is a highley secure incryptic system built for government use. (..) you loaded it so now you will have to unistall to get rid of it . It is a adon to your regular systm and is embeded now sorry for the lack of info.
You better go read some before you post. Please do.
Quote:
Originally Posted by oskar
If you are behind a firewall and keep to the official repositories... or you don't have any data on the pc that needs securing, I think you can turn it off without worries.
By running it you gain "extra" protection you wouldn't get otherwise and not at that low a cost.
Bear in mind that there have been some major changes to SELinux over the last 12 months, so you might want to be careful when choosing which books to spend money on.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.