Top 10 SELinux Stories of 2007
Source: www.Linuxsecurity.com - Posted by Ryan Berens   
SELinux 2007 was an interesting year for SELinux. Many issues were important and gained exposure, but what did you, the reader have to say about the most important articles in SELinux? There are many ways to judge this and one of them is by listing the most popular articles as chosen by our readers over the course of the year, based on hits. It isn't the only answer, but certainly an interesting one.

Click through to see the list of the Top SELinux stories on Linuxsecurity.com for 2007. Also: For a COMPLETE list of all the SELinux articles that have ever appeared on LinuxSecurity.com, go here Easy to follow and organized by year, it's one of many, many resources avaialable at EnGardelinux.org with regards to SELinux.

  • #1: Don't Disable SELinux! (2007-06-25) - 3150 hits
    http://www.linuxsecurity.com/content/view/128596

    Josh Brindle commented on one of the most pressing issues with SELinux - that many companies decide to tell customers to disable it altogether instead of working through a different solution for a particular program. This was probably the most popular article of the year because SELinux still represents a strong learning curve and is still in a process of acceptance. When someone stakes a claim to not do what is likely common practice, chances are good people will want to know what they are saying.

    Bottom line: SELinux still has an aura of difficulty that convinces people to use the strategy of disabling the entire system. When Josh Brindle, an expert on the topic says "don't do this," people want to see if SELinux has evolved in a way that would replace this quick, easy and damaging strategy. Interestingly, the issue probably centers on the usability, not security effects, in disabling it.

    In other words, people are asking one main question above all others: Is the cost/benefit relationship of implementing SELinux changed? In this writers opinion, this has always been the biggest issue regarding SELinux, was the biggest issue for 2007, and will likely remain the critical issue in the year ahead.

  • #2: SELinux Constrains Samba Vulnerability (2007-06-01)- 3020 hits
    http://www.linuxsecurity.com/content/view/128413

    Samba is one of the most popular projects in open source. When there's a vulnerability that threatens it, and a solution exists that can contain the problem, people will be interested - 'Nuff said.

  • #3: SELinux Gets a Wiki (2007-05-18) - 2961 hits
    http://www.linuxsecurity.com/content/view/128245

    This addresses the usability issue. A Wiki can be an incredibly useful tool for learning about a program or application. If such a resource is created for SELinux especially on the popular Fedora distribution and the learning curve is still high, this should be no surprise.

  • #4: Secure Networking With SELinux (2007-05-31) - 2919 hits
    http://www.linuxsecurity.com/content/view/128403

    Another post coming from Josh Brindle. Again, he is one of the most visible experts on SELinux, and does a great job of addressing the most important issues in SELinux. Here, he addressed the recent improvements that came from the community and the differences between support in the early days and at the time of the article.

  • #5: Linus Torvalds on SELinux (2007-10-03) - 2757 hits
    http://www.linuxsecurity.com/content/view/129807

    Occassionally, the Linux Kernel Mailing list can get heated. In this instance, a discussion had started regarding whether or not LSM should remain the as the only security standard for the Kernel. As is sometimes the case, Linus Torvalds commented in a way that brought the comment some awareness. Whether or not Linus' reaction was taken out of context, the LSM issue is still an interesting one and harbors back on what strategy should drive Kernel security development. Are changes suggested because they are valuable? Or are they suggested because somebody wants to see something change? This friction (as can often be the case in any project) made it popular enough to make #5.

  • #6: Managing SELinux with SETools (2007-10-30) - 2374 hits
    http://www.linuxsecurity.com/content/view/130383 A great article by James Turnbull, another seasoned developer in the world of SELinux. This overview covered SETtools; specifically, apol which Analyzes SELinux policies, sediff which performs diffs on SELinux policy, seaudit, which analyzes audit messages and sechecker which checks SELinux policy. A worthwhile HowTo on these tools that most people found useful, and therefore popular.

  • #7: Kernel Space: A Simplified Security Framework for Linux (2007-10-10) - 2149 hits
    http://www.linuxsecurity.com/content/view/129966

    This was yet another article covering LSM and SELinux and which should take precedence. Is SMACK (Simplified Mandatory Access Control Kernel) good enough to replace whats there? The issue was that, according to many, the current security module would relegate security as an afterthought because it would require so much work to be integrated. The net result, it was argued, was that the liklihood of being avoided would increase, and security wouldn't be as effective. A great article summing up many of the most pertinent issues.

  • #8: Is SELinux Really too Complex? (2007-09-28) - 2105 hits
    http://www.linuxsecurity.com/content/view/129763

    Apparently, the Kernel issue was one of the more pressing issues. This article again covers the LSM, SELinux issue, with another interesting and compelling take on the importance of security within the kernel and where SELinux exists as a result.

  • #9: A Step-by-Step Guide to Building a New SELinux Policy Module (2007-08-23)- 2085 hits
    http://www.linuxsecurity.com/content/view/129044

    If you want help with making a new module, this article covers it. Obviously, based on its place on this list, this is one of the better HowTo's for doing just that. Easy to follow and informative, no wonder it comes in as #9 for the most popular SELinux article for 2007.

  • #10: Samba/SELinux Policy (2007-11-14)- 2049 hits
    http://www.linuxsecurity.com/content/view/130930

    Rounding out our most popular SELinux articles of 2007 is the 2nd showing by SAMBA and SELinux. A great HowTo by none other Dan Walsh, SELinux expert over at Red Hat, its proof that SAMBA security is at the forefront of many users minds. What's that mean? That SELinux is probably going to be involved.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!