March 1, 2006

SELinux basic information: Security-Enhanced Linux

SELinux comes as a default module in RHES 4, which is really good, as it defends some network daemons by default, such as httpd, nscd, bind/named, dhcpd, mysqld, ntpd, portmap, postgresql, snmpd, squid and syslogd.
My "subjective" advice is to NOT turn off SELinux, and to run it enabled and in at least targeted mode, especially if you are running any network daemons like those mentioned above.

SELinux policy can be used in targeted or strict mode. The targeted mode is a rework of the strict policy that concentrates on protecting vulnerable services and daemons rather than the whole operating system. This makes it much easier to start using SELinux. Red Hat, for example (or Fedora), is writing policies for even more services and daemons. I believe they will release a list of 55 or more protected services soon.
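
A quick check for the advice above, as an added example that is not from the original post: it reads an SELinux config file and passes only when the mode is enforcing and the policy type is targeted or strict. The `SELINUX` and `SELINUXTYPE` keys, the function names and the sample file are assumptions of this example, and treating permissive as a failure is this example's choice.

```shell
#!/bin/sh
# Added example: audit an SELinux config file (assumed layout: KEY=value lines,
# as in /etc/selinux/config). Function names are hypothetical.

# Print the last uncommented value of key $1 in file $2, lower-cased.
selinux_cfg_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Return 0 only if the file sets enforcing mode with a targeted or strict policy.
selinux_cfg_audit() {
    cfg=$1
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 2; }
    mode=$(selinux_cfg_value SELINUX "$cfg")
    policy=$(selinux_cfg_value SELINUXTYPE "$cfg")
    case "$mode" in
        enforcing)  ;;
        permissive) echo "FAIL: SELINUX=permissive (policy loaded, nothing blocked)"; return 1 ;;
        disabled)   echo "FAIL: SELINUX=disabled"; return 1 ;;
        *)          echo "FAIL: SELINUX missing or unrecognised ('$mode')"; return 1 ;;
    esac
    case "$policy" in
        targeted|strict) echo "OK: enforcing, policy=$policy"; return 0 ;;
        *) echo "FAIL: SELINUXTYPE missing or unrecognised ('$policy')"; return 1 ;;
    esac
}

# Constructed sample config (not from a real host): the commented-out line
# must be ignored, so this file is reported as disabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX=enforcing
SELINUX=Disabled
SELINUXTYPE=targeted
EOF
selinux_cfg_audit "$sample" || true
rm -f "$sample"
```

On a live host, run `selinux_cfg_audit /etc/selinux/config` and compare the result with what `sestatus` reports for the running system.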

If you are interested in writing your own SELinux policies, you might want to have a look at apol and/or sepol.
