SELinux vertigo- do you get it as well?

The more I know about SELinux, the more I hate it. Is it thoroughly hated but used in production or you decide to not use it whenever possible?

Comments

  • asummersasummers Member Posts: 157
    varelg wrote: »
    The more I know about SELinux, the more I hate it. Is it thoroughly hated but used in production or you decide to not use it whenever possible?

    It's used in Production - and hated.
  • ExpectExpect Member Posts: 252 ■■■■□□□□□□
    It's an essential security layer, however, I have seen more programs that don't support it than the other way.
  • Kinet1cKinet1c Member Posts: 604 ■■■■□□□□□□
    Reading a book on it at the moment, in theory it's great but as mentioned integration with other apps seems to be poor.
    2018 Goals - Learn all the Hashicorp products

    Luck is what happens when preparation meets opportunity
  • digitalixdigitalix Member Posts: 5 ■□□□□□□□□□
    never turn it off! this way you learn something every day and in the end you have some extra security along with grey hairs
    I tent do start using it getsebool setsebool is not that hard these days
  • VeritiesVerities Member Posts: 1,162
    Its a difficult concept to grasp, but once you get it down you understand why its necessary. You can usually get it to work with apps that aren't' supported natively however it can require considerable configuration changes. I'm not going to lie though, it took me reading over SELinux documentation multiple times to understand its functions and configurations.
  • JockVSJockJockVSJock Member Posts: 1,118
    I'm starting to get it, which is an awesome feeling.

    The best tutorial I found is this: https://wiki.gentoo.org/wiki/SELinux

    There are a number of tutorials on youtube which have also helped me.

    Yes, I was like everyone else. At first I set it to disabled, however I kept at it and now I'm getting it.
    ***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)

    "Its easier to deceive the masses then to convince the masses that they have been deceived."
    -unknown
  • VeritiesVerities Member Posts: 1,162
    varelg wrote: »
    The more I know about SELinux, the more I hate it. Is it thoroughly hated but used in production or you decide to not use it whenever possible?

    One other possibility is the use of HIPS in place of SELinux. Even then you want to keep it in permissive mode for logging purposes.
  • VeritiesVerities Member Posts: 1,162
    Found 2 YouTube videos that are pretty much the same from RedHat and RedHat Summit that explain SELinux really well.

    2012 version: https://www.youtube.com/watch?v=MxjenQ31b70

    2015 version: https://www.youtube.com/watch?v=cNoVgDqqJmM
  • PupilPupil Member Posts: 168
    SELinux is awesome... once you learn how to deal with it.

    sealert is your best friend.
Sign In or Register to comment.