SELinux vertigo- do you get it as well?

varelgvarelg Posts: 790Banned
in LPI, Red Hat & Linux Foundation
The more I know about SELinux, the more I hate it. Is it thoroughly hated but used in production or you decide to not use it whenever possible?
I am posioning the forums.
· Share on FacebookShare on Twitter

Comments

  • asummersasummers Posts: 157Member
    varelg wrote: »
    The more I know about SELinux, the more I hate it. Is it thoroughly hated but used in production or you decide to not use it whenever possible?

    It's used in Production - and hated.
    · Share on FacebookShare on Twitter
  • ExpectExpect Posts: 251Member
    It's an essential security layer, however, I have seen more programs that don't support it than the other way.
    · Share on FacebookShare on Twitter
  • Kinet1cKinet1c Posts: 604Member ■■■□□□□□□□
    Reading a book on it at the moment, in theory it's great but as mentioned integration with other apps seems to be poor.
    2018 Goals - Learn all the Hashicorp products

    Luck is what happens when preparation meets opportunity
    · Share on FacebookShare on Twitter
  • digitalixdigitalix Posts: 5Member ■□□□□□□□□□
    never turn it off! this way you learn something every day and in the end you have some extra security along with grey hairs
    I tent do start using it getsebool setsebool is not that hard these days
    · Share on FacebookShare on Twitter
  • VeritiesVerities Posts: 1,162Member
    Its a difficult concept to grasp, but once you get it down you understand why its necessary. You can usually get it to work with apps that aren't' supported natively however it can require considerable configuration changes. I'm not going to lie though, it took me reading over SELinux documentation multiple times to understand its functions and configurations.
    · Share on FacebookShare on Twitter
  • JockVSJockJockVSJock Posts: 1,118Member
    I'm starting to get it, which is an awesome feeling.

    The best tutorial I found is this: https://wiki.gentoo.org/wiki/SELinux

    There are a number of tutorials on youtube which have also helped me.

    Yes, I was like everyone else. At first I set it to disabled, however I kept at it and now I'm getting it.
    ***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)

    "Its easier to deceive the masses then to convince the masses that they have been deceived."
    -unknown
    · Share on FacebookShare on Twitter
  • VeritiesVerities Posts: 1,162Member
    varelg wrote: »
    The more I know about SELinux, the more I hate it. Is it thoroughly hated but used in production or you decide to not use it whenever possible?

    One other possibility is the use of HIPS in place of SELinux. Even then you want to keep it in permissive mode for logging purposes.
    · Share on FacebookShare on Twitter
  • VeritiesVerities Posts: 1,162Member
    Found 2 YouTube videos that are pretty much the same from RedHat and RedHat Summit that explain SELinux really well.

    2012 version: https://www.youtube.com/watch?v=MxjenQ31b70

    2015 version: https://www.youtube.com/watch?v=cNoVgDqqJmM
    · Share on FacebookShare on Twitter
  • PupilPupil Posts: 168Member
    SELinux is awesome... once you learn how to deal with it.

    sealert is your best friend.
    2015 Certification Goals: CCNA: Routing & Switching FONT=courier new][SIZE=2][COLOR=#ff0000]X[/COLOR][/SIZE][/FONT, CCNA: Security FONT=courier new][SIZE=2][FONT=courier new][SIZE=2][COLOR=#ff0000]X[/COLOR][/SIZE][/FONT][/SIZE][/FONT, Security+ COLOR=#ff0000]X[/COLOR
    · Share on FacebookShare on Twitter
Sign In or Register to comment.