LinuxQuestions.org
Old 01-30-2008, 09:23 AM   #1
neocontrol
Member
 
Registered: Jul 2005
Posts: 273

Rep: Reputation: 31
selinux - who uses it, and how did you learn it?


For some time now, I usually just disable selinux on the machines that I set up (redhat / centos / fedora). Mainly due to the fact that it gets in the way of other programs, and I don't know how to work any of it.

I'd like to learn it, especially if it's worthwhile in making things more secure, but I have no idea where to get started with this.

If it's worthwhile what are some good resources so I can start looking at actually using this?

Thanks,
 
Old 01-30-2008, 09:28 AM   #2
Drakeo
Senior Member
 
Registered: Jan 2008
Location: Urbana IL
Distribution: Slackware, Slacko,
Posts: 3,716
Blog Entries: 3

Rep: Reputation: 483
Well, selinux is a highly secure incryptic system built for government use, but it is also used on like other free distros. You loaded it so now you will have to uninstall to get rid of it. It is an add-on to your regular system and is embedded now. Sorry for the lack of info.
 
Old 01-30-2008, 09:32 AM   #3
oskar
Senior Member
 
Registered: Feb 2006
Location: Austria
Distribution: Ubuntu 12.10
Posts: 1,142

Rep: Reputation: 49
I used to disable it in suse 9.something... possibly even 10.0. I thought the configuration program that came with fedora was simple enough to use, and the pre-configuration was sensible, so I kept it on. If you are behind a firewall and keep to the official repositories... or you don't have any data on the pc that needs securing, I think you can turn it off without worries.
 
Old 01-30-2008, 01:10 PM   #4
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
I saw tons of hits when searching Google:

http://www.google.com/search?q=using...ient=firefox-a
 
Old 01-30-2008, 01:14 PM   #5
neocontrol
Member
 
Registered: Jul 2005
Posts: 273

Original Poster
Rep: Reputation: 31
So did I, without much of a newbie beginner's guide for someone who doesn't really know what selinux is about.

I was hoping for a place that someone already knew that had great info, where I can hit the ground running.
 
Old 01-30-2008, 01:35 PM   #6
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
Quote:
Originally Posted by neocontrol
So did I, without much of a newbie beginner's guide for someone who doesn't really know what selinux is about.

I was hoping for a place that someone already knew that had great info, where I can hit the ground running.
I have never used SELinux, and some of the links I saw appear good enough for a beginner to understand and follow along. Sometimes a good effort is enough to get you started.
 
Old 01-31-2008, 10:26 AM   #7
doublejoon
Member
 
Registered: Oct 2003
Location: King George, VA
Distribution: RHEL/CentOS/Scientific/Fedora, LinuxMint
Posts: 370

Rep: Reputation: 44
I found a good overview here
http://people.redhat.com/dwalsh/SELi...anageRHEL5.pdf

also

http://fedoraproject.org/wiki/SELinux

Last edited by doublejoon; 01-31-2008 at 10:29 AM.
 
Old 01-31-2008, 10:20 PM   #8
frndrfoe
Member
 
Registered: Jan 2008
Distribution: RHEL, CentOS, Ubuntu
Posts: 379

Rep: Reputation: 38
You can use "ls -lZ" to examine the context of existing files and directories and use the chcon command to modify the context.

I have a howto that shows how to mount httpd viewable directories via nfs using RHEL 5. The same contexts can be used with the chcon command.
http://pitmanweb.com/blog/index.php?...&c=1&tb=1&pb=1

Just remember that directory and file contexts must be set so that the kernel will allow applications to access directory trees.

You can change the value in /etc/selinux/config from SELINUX=enforcing to SELINUX=disabled and reboot, without having to uninstall anything.

Last edited by frndrfoe; 01-31-2008 at 10:25 PM. Reason: further info
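
The checks described in the post above (reading file contexts, and reading the mode set in /etc/selinux/config), as an added example that is not part of the original post. It assumes listing lines of the form "<context> <path>", as printed by `stat -c '%C %n'`; the function names, the sample data and the choice of httpd_sys_content_t as the expected type are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): audit SELinux file types and config mode.
# Listing lines are "<context> <path>", as printed by: stat -c '%C %n' FILE...

# Constructed sample data, not captured from a real system.
SAMPLE_LISTING='system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
user_u:object_r:user_home_t:s0 /var/www/html/my report.html
system_u:object_r:httpd_sys_content_t /var/www/html/legacy.html
system_u:object_r:nfs_t:s0 /var/www/html/shared'
SAMPLE_CONFIG='# SELINUX= can take one of these three values:
SELINUX=disabled
SELINUXTYPE=targeted'

# Print the type (third colon-separated field) of a context such as
# user:role:type or user:role:type:level; print nothing if it cannot be parsed.
context_type() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# Read "<context> <path>" lines on stdin and print "<type> <path>" for every
# path whose type differs from the expected one ($1). Paths may contain spaces.
mismatched_types() (
    expected=$1
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        ctype=$(context_type "$ctx")
        if [ -z "$ctype" ]; then
            printf 'unparsable context: %s\n' "$ctx" >&2
            continue
        fi
        [ "$ctype" = "$expected" ] || printf '%s %s\n' "$ctype" "$path"
    done
)

# Read a file in /etc/selinux/config format on stdin and print the value of the
# last SELINUX= line. Comment lines and SELINUXTYPE= do not match.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*$/\1/p' | tail -n 1
}

printf 'Paths not labelled httpd_sys_content_t:\n'
printf '%s\n' "$SAMPLE_LISTING" | mismatched_types httpd_sys_content_t
printf 'Configured mode: %s\n' "$(printf '%s\n' "$SAMPLE_CONFIG" | selinux_config_mode)"
```

On a live system the same functions can be fed with `stat -c '%C %n' /var/www/html/* | mismatched_types httpd_sys_content_t` and `selinux_config_mode < /etc/selinux/config`.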
 
Old 02-01-2008, 12:27 AM   #9
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
I use SELinux at work because of its security.

I learned it by studying for my Red Hat exam. It can be annoying and frustrating, but it's not that difficult once you understand.
 
Old 02-01-2008, 09:42 AM   #10
jphilput
Member
 
Registered: Nov 2007
Posts: 58

Rep: Reputation: 15
I found the book, SELinux: NSA's Open Source Security Enhanced Linux by Bill McCarty, to be very useful.
 
Old 02-01-2008, 02:15 PM   #11
jrtayloriv
Member
 
Registered: Jun 2004
Location: Inland NW, US
Distribution: Ubuntu
Posts: 366
Blog Entries: 1

Rep: Reputation: 44
The Gentoo team has put out an excellent guide for SELinux. Much of it is Gentoo-centric, but you could still learn quite a bit from it.

http://www.gentoo.org/proj/en/harden...x-handbook.xml

Last edited by jrtayloriv; 02-01-2008 at 02:22 PM.
 
Old 02-01-2008, 03:23 PM   #12
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by jphilput
I found the book, SELinux: NSA's Open Source Security Enhanced Linux by Bill McCarty, to be very useful.
+1

I won't pretend to be a selinux expert, but I read through this book and found it to be quite thorough. If my job depended on me learning selinux well, I believe this book would be among the more valuable resources. (Even if your head does hurt after reading it.)
 
Old 02-01-2008, 07:25 PM   #13
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by neocontrol
I'd like to learn it, especially if it's worthwhile in making things more secure
Turning things around (and while I do like GRSecurity for its strengths) I could argue there is no realistic equivalent in the GNU/Linux world that is maintained and supported like this, gains adaptation and helps distributions get EAL certified. Yes, it is worthwhile enabling. What's more is that everyone enabling it can help make it better just by running it and adding tickets to the bug tracker when modifying the local policy doesn't make things work. Also, unlike other solutions you get the upstream rulesets so you don't have to build them from scratch (unless you need MLS or like that) to work with SELinux, there's lotsa tools for policy makers and if you use RHEL, CentOS or Fedora the documentation on the RH and Fedora sites should help you get going in no time. Next to that I'd like to plug Prentice Hall's "SELinux by example", definitely readable.


Quote:
Originally Posted by Drakeo
Well, selinux is a highly secure incryptic system built for government use. (..) You loaded it so now you will have to uninstall to get rid of it. It is an add-on to your regular system and is embedded now. Sorry for the lack of info.
You better go read some before you post. Please do.


Quote:
Originally Posted by oskar
If you are behind a firewall and keep to the official repositories... or you don't have any data on the pc that needs securing, I think you can turn it off without worries.
By running it you gain "extra" protection you wouldn't get otherwise and not at that low a cost.
 
Old 02-04-2008, 07:37 PM   #14
dob12460
Red Hat Content Author
 
Registered: Nov 2007
Location: Brisbane, Australia
Distribution: RHEL, Fedora
Posts: 32

Rep: Reputation: 4
You could also check the following for info about SELinux: http://www.redhat.com/docs/manuals/e...-overview.html

Bear in mind that there have been some major changes to SELinux over the last 12 months, so you might want to be careful when choosing which books to spend money on.
 
  

