SELinux vertigo- do you get it as well?
varelg
Banned Posts: 790
The more I know about SELinux, the more I hate it. Is it thoroughly hated but used in production or you decide to not use it whenever possible?
Comments
-
asummers Member Posts: 157The more I know about SELinux, the more I hate it. Is it thoroughly hated but used in production or you decide to not use it whenever possible?
It's used in Production - and hated. -
Expect Member Posts: 252 ■■■■□□□□□□It's an essential security layer, however, I have seen more programs that don't support it than the other way.
-
Kinet1c Member Posts: 604 ■■■■□□□□□□Reading a book on it at the moment, in theory it's great but as mentioned integration with other apps seems to be poor.2018 Goals - Learn all the Hashicorp products
Luck is what happens when preparation meets opportunity -
digitalix Member Posts: 5 ■□□□□□□□□□never turn it off! this way you learn something every day and in the end you have some extra security along with grey hairs
I tent do start using it getsebool setsebool is not that hard these days -
Verities Member Posts: 1,162Its a difficult concept to grasp, but once you get it down you understand why its necessary. You can usually get it to work with apps that aren't' supported natively however it can require considerable configuration changes. I'm not going to lie though, it took me reading over SELinux documentation multiple times to understand its functions and configurations.
-
JockVSJock Member Posts: 1,118I'm starting to get it, which is an awesome feeling.
The best tutorial I found is this: https://wiki.gentoo.org/wiki/SELinux
There are a number of tutorials on youtube which have also helped me.
Yes, I was like everyone else. At first I set it to disabled, however I kept at it and now I'm getting it.***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)
"Its easier to deceive the masses then to convince the masses that they have been deceived."
-unknown -
Verities Member Posts: 1,162The more I know about SELinux, the more I hate it. Is it thoroughly hated but used in production or you decide to not use it whenever possible?
One other possibility is the use of HIPS in place of SELinux. Even then you want to keep it in permissive mode for logging purposes. -
Verities Member Posts: 1,162Found 2 YouTube videos that are pretty much the same from RedHat and RedHat Summit that explain SELinux really well.
2012 version: https://www.youtube.com/watch?v=MxjenQ31b70
2015 version: https://www.youtube.com/watch?v=cNoVgDqqJmM -
Pupil Member Posts: 168SELinux is awesome... once you learn how to deal with it.
sealert is your best friend.2015 Certification Goals: CCNA: Routing & Switching FONT=courier new][SIZE=2][COLOR=#ff0000]X[/COLOR][/SIZE][/FONT, CCNA: Security FONT=courier new][SIZE=2][FONT=courier new][SIZE=2][COLOR=#ff0000]X[/COLOR][/SIZE][/FONT][/SIZE][/FONT, Security+ COLOR=#ff0000]X[/COLOR