Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
A question about SELinux
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
tramshed
n00b
n00b


Joined: 03 Dec 2004
Posts: 5
Location: Chicagoish

PostPosted: Sat May 11, 2013 4:27 am    Post subject: A question about SELinux Reply with quote

Is it viable for a general server yet? i.e: One that runs a few game servers, lighttpd, etc. Or is it still tricky as hell to set up without screwing up the point of it?
Back to top
View user's profile Send private message
vaxbrat
Guru
Guru


Joined: 05 Oct 2005
Posts: 510
Location: DC Burbs

PostPosted: Sat May 11, 2013 4:54 am    Post subject: I just dunno Reply with quote

It's been a while since I've tried to mess with it. Even on RHEL5 installs, I end up either throwing it in permissive mode or disabling it entirely since the bundled reference policy screws up the ability to have Samba work with Active Directory. I never did try anything with targeted policy mode on gentoo so maybe it would be useful to secure isolated stovepipes on an install.

Maybe one day I'll have a requirement to do something with multi-level security (not common need to know) and will have the charge numbers at work to take a good long look at it again.
Back to top
View user's profile Send private message
The Doctor
Veteran
Veteran


Joined: 27 Jul 2010
Posts: 1265

PostPosted: Sat May 11, 2013 5:23 am    Post subject: Reply with quote

Last time I tried to use it I found it to be extremely difficult to use. I wound up getting rid of it and nuking my OS in the process (Ok, that was probably my fault.)

You may want to look at Gsecurity. It does much the same thing, but is much, much easier to use. http://www.gentoo.org/proj/en/hardened/
_________________
First things first, but not necessarily in that order.
Back to top
View user's profile Send private message
dE_logics
Advocate
Advocate


Joined: 02 Jan 2009
Posts: 2138
Location: $TERM

PostPosted: Sat May 11, 2013 6:36 am    Post subject: Reply with quote

It's basically a kernel level sandbox and extremely useful and highly configurable as compared to AppArmour and GRsecurity (as from what I heard).

It's the top choice for best levels of security for all applications, either it be Desktop or any kind of server.

As a result, portage is filled with selinux policies, and one for Apache too --

sec-policy/selinux-apache
_________________
Buy from companies supporting opensource -- IBM, Dell, HP, Hitachi, Google etc...
Disfavor companies supporting only Win -- Logitech, Epson, Adobe, Autodesk, Pioneer, Kingston, WD, Yahoo, MSI, XFX
My blog
Back to top
View user's profile Send private message
Sven Vermeulen
Developer
Developer


Joined: 29 Aug 2002
Posts: 1341
Location: Mechelen, Belgium

PostPosted: Sun May 12, 2013 6:08 pm    Post subject: Reply with quote

It's not tricky... just a level up from the regular Linux permissions ;-) Make sure you follow the Gentoo Hardened SELinux handbook though, it's not just a matter of enabling a few options in the Linux kernel. I'm also writing a tutorial series to learn SELinux in a step-by-step manner.
_________________
Please add "[solved]" to the initial topic title when it is solved. TIA.
Linux Sea (PDF), an online e-book on Gentoo Linux
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum