Tips for Taming SELinux
Source: Enterprisenetworkingplanet.com - Posted by Ryan Berens   
SELinux Wanted to learn a few more tips on SELinux and get a feel for what it does? Carla Schroeder chimes in again regarding SELinux as a whole and its policies:

An SELinux policy has no concept of an all-powerful superuser, but only what is allowed and what is not allowed. It takes away the destructive potential of root. A successful intrusion will be confined to the process that it compromises, and will not be able to escalate beyond it. Sounds a bit like a chroot jail, doesn't it?

Read this full article at Enterprisenetworkingplanet.com

Comments
Written by jon on 2007-11-27 20:15:41
Id really like to learn selinux better.. Being a novice admin and afriad to screw things up (hosting servers) Ive mostly tried to just run grsecurity kernels but seems there is hardly a stable one, even their current 2.6.19.2 spits out its fair share of errors on the smp systems I use, some even having regular oops everyday. 
 
The newer kernels arent much different, seem to have a problem(s) in any version. I guess what I wanna say is I would like to be able to use the RHEL kernel and not have to worry about security. I just dont trust them totally security-wise but they are stable.  
 
Would be nice if there was sites where you can get some good selinux policy sets to use as example.  
 
never the less, nice article. if anyone knows where I can find example policies to use please share 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!