tramshed n00b
Joined: 03 Dec 2004 Posts: 5 Location: Chicagoish
Posted: Sat May 11, 2013 4:27 am Post subject: A question about SELinux

Is it viable for a general server yet? I.e., one that runs a few game servers, lighttpd, etc. Or is it still tricky as hell to set up without screwing up the point of it?

vaxbrat l33t
Joined: 05 Oct 2005 Posts: 731 Location: DC Burbs
Posted: Sat May 11, 2013 4:54 am Post subject: I just dunno

It's been a while since I've tried to mess with it. Even on RHEL5 installs, I end up either throwing it in permissive mode or disabling it entirely, since the bundled reference policy screws up the ability to have Samba work with Active Directory. I never did try anything with targeted policy mode on Gentoo, so maybe it would be useful to secure isolated stovepipes on an install.
Maybe one day I'll have a requirement to do something with multi-level security (not common need to know) and will have the charge numbers at work to take a good long look at it again.

The Doctor Moderator
Joined: 27 Jul 2010 Posts: 2678
Posted: Sat May 11, 2013 5:23 am Post subject:

Last time I tried to use it I found it to be extremely difficult to use. I wound up getting rid of it and nuking my OS in the process. (OK, that was probably my fault.)
You may want to look at Grsecurity. It does much the same thing, but is much, much easier to use. http://www.gentoo.org/proj/en/hardened/
_________________
First things first, but not necessarily in that order.
Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.

dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2289 Location: $TERM
Posted: Sat May 11, 2013 6:36 am Post subject:

It's basically a kernel-level sandbox, and extremely useful and highly configurable compared to AppArmor and grsecurity (from what I've heard).
It's the top choice for the best levels of security for all applications, whether it be desktop or any kind of server.
As a result, Portage is filled with SELinux policies, and there's one for Apache too:
sec-policy/selinux-apache

Sven Vermeulen Retired Dev
Joined: 29 Aug 2002 Posts: 1345 Location: Mechelen, Belgium
Posted: Sun May 12, 2013 6:08 pm Post subject:

It's not tricky... just a level up from the regular Linux permissions. Make sure you follow the Gentoo Hardened SELinux handbook though; it's not just a matter of enabling a few options in the Linux kernel. I'm also writing a tutorial series to learn SELinux in a step-by-step manner.
_________________
Please add "[solved]" to the initial topic title when it is solved.