Questions about selinux on slackware
Hi
I have not installed selinux but I was considering. I have a few questions and was wondering if any of you guys could answer. 1. I have a family network of three computes on a wireless router, should I be using selinux? Or Is it more geared towards the corporate structure? I also download alot of programs. 2. I was a little fearful that if I recompile my kernel with selinux that it will mess up my system. There does not seem to be much support for installing it on slackware. 3. Is it very intrusive and inhibiting. Will I have to change selinux everytime I install programs from source? Will it cause alot of problems running software? 4. What is pam? I read two forums where they want selinux but without pam. 5. Since selinux looks at every object (file) will I need to spend quite a bit of time setting it up to enable everything I am currently using as a user. In other words, will I run into lots of problems with lots of objects disabled? 6. Is there other similar security software that seems to be more user friendly and compatible with slackware? |
In answer to 6. : you could use open source tripwire http://sourceforge.net/projects/tripwire/
Regards, |
What are you trying to accomplish? -- I/we could advise you better if we knew the Q behind the Q.
I have several friends who use Fedora & they seem to disable it because it is such a PITA. BTW, trying to put it on Slack seems ill-advised: (from http://en.wikipedia.org/wiki/Selinux#Implementations): Quote:
Some "random" links I looked at: |
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
|
Perhaps I should have mentioned that the friends are professional Linux consultants. So I guess it proves that however valuable it is, it's got a major (?) learning curve.
Of course those who are using it successfully may not have complained. I'll try to re-survey tonight at the HLUG weekly Workshop. Serious Q: If SELinux is so good, which firewall distros have adopted it. -- AFAIK, not SmoothWall Express or IPCop. For that matter, I see no sign of Tripwire, Samhain, chkrootkit, or rkhunter in SmoothWall Express & this worries me. |
Quote:
Maybe it proves that consultants are lazy and stupid? ;D Cheers, Tink |
Or busy :D
|
Quote:
|
Thanks for the great info and the little debate ;).
I am pretty new to linux and I want to better secure my system. Having read quite a bit about selinux, it seems that it is only as good as it is set up. In a nutshell, it seems that selinux is based on examining every file and process. I guess I would have to tell selinux, in lay mans terms, how to look at each and every file and process. Setting it up seems to be way too much work. So..... Having read some of the selinux papers, there seem to be flaws with the use chmod command, giving hackers, poorly written software, and hostel software root access. What should I do to "harden" my system. Your expert opinions would be much appreciated. I have a dell inspiron 5150 with a dual boot. xp/slackware 12. Thanks |
There used to be a guide and script around -try googling for 'harden slackware'.
|
Quote:
Quote:
Quote:
Quote:
|
gnashley, is this what you were talking about: http://www.cochiselinux.org/files/sy...ening-10.2.txt ? (For 10.2, but may work -- haven't looked into it). Also see here: http://www.antionline.com/showthread.php?p=936777 (all by googling).
|
Quote:
If I find it Ill let you know. |
Quote:
We can not have that here. |
Quote:
You can read this link from NSA. Quote:
I appreciate your help in pointing out my mistake. You are obviously much more knowledgeable on the linux os and computer security. |
All times are GMT -5. The time now is 11:57 AM. |