[TriLUG] have ya'll seen this?

Nick Goldwater nick at dogstar1.com
Wed Jan 1 12:54:19 EST 2014


SELinux used to be a bear to deal with but it has improved.  Red Hat made all their (may still) run SELinux to work the bugs out. Still, beware with custom apps. You need to create new policies.

I like the overall idea of SELinux in that it handles security in contexts.  It looks at what processes and users are 'supposed' to do.  So if you had a 0day exploit in your PHP application and someone was able to elevate their privilege, they would be stuck there.   

The easiest way to see what SELinux would do in a given situation is to run it in permissive mode.  That way you do not need to un-tag (to remove. pain to reinstate after removal) and you can view a log of SELinux actions not carried out.

For you Linux people out there... ls -Z

Nick 

----- Original Message -----
| From: "John Broome" <jbroome at gmail.com>
| To: "Triangle Linux Users Group General Discussion" <trilug at trilug.org>
| Sent: Wednesday, January 1, 2014 11:33:10 AM
| Subject: Re: [TriLUG] have ya'll seen this?
| 
| On Wed, Jan 1, 2014 at 10:48 AM, Dewey Hylton <plug at hyltown.com> wrote:
| 
| > who is credited for authoring SELinux?
| 
| 
| Tin foil hat: ENGAGE
| 
| What if the NSA made selinux so onerous to deal with on purpose so that
| everyone turns it off after a fresh install...
| 
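An added example, not part of the original thread: in permissive mode SELinux records an AVC "denied" entry in the audit log for each action it would have blocked, and the Python below tallies those entries by process, source type, permission, target type and object class. The log lines are constructed for illustration, and the names `SAMPLE_LOG`, `selinux_type` and `summarize_denials` are made up for this example.

```python
import re
from collections import Counter

# Constructed audit.log lines for illustration (not from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1388598859.101:311): avc:  denied  { write } for  pid=2201 comm="httpd" name="uploads" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1388598859.101:311): arch=c000003e syscall=83 success=yes exit=0 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1388598861.417:312): avc:  denied  { write } for  pid=2203 comm="httpd" name="cache" dev="dm-0" ino=1377 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1388598870.002:320): avc:  denied  { name_connect } for  pid=2207 comm="httpd" dest=25 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1388598875.640:325): avc:  denied  { read open } for  pid=2210 comm="httpd" path="/etc/shadow" dev="dm-0" ino=402 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

# Pulls the permission set, command name, both contexts and the object class
# out of one AVC denial record.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?'
    r'comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def summarize_denials(log_text):
    """Count denials per (comm, source type, permission, target type, class)."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other record types
        m = AVC_RE.search(line)
        if not m:
            continue  # e.g. "granted" records or unexpected layouts
        for perm in m.group("perms").split():  # "{ read open }" is two perms
            counts[(m.group("comm"), selinux_type(m.group("scon")), perm,
                    selinux_type(m.group("tcon")), m.group("tclass"))] += 1
    return counts


if __name__ == "__main__":
    for (comm, src, perm, tgt, cls), n in summarize_denials(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {comm} ({src}) would be denied {perm} on {tgt}:{cls}")
```

Each row of the summary is one access a custom policy module would have to allow, or one behaviour worth investigating before switching back to enforcing mode.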

