Linked by Thom Holwerda on Wed 21st Nov 2007 13:58 UTC, submitted by Rahul
Fedora Core "We all appreciate that when we turn on our Linux systems they're pretty secure. Thanks to continuing improvements to SELinux, it is increasingly easy for users to take advantage of this powerful security tool. Read on to find an interview with Daniel Walsh, the principal developer of SELinux in Fedora from Red Hat, where he tells us more about what SELinux does and how it's improved in Fedora 8. At the end of the article are some screenshots which show-off the new policy creation GUI."
Permalink for comment 285939
To read all comments associated with this story, please click here.
Member since:

The whole key behind SELinux is it is based on the booleans and puts a stop to rouge processes or brings it to your attention 'yeah something is trying to write here' and I am going to deny the access. In all honesty SELinux has a learning curve but it has proven a invaluable tool in locking down a server. At first everyone was saying just disable it and move on. Now people have figured out, leave it on just like it is by default.

The tools such as 'system-config-selinux' & selinux trouble shooter can make life a lot easier if you take the time to read what is actually going on. You can adjust the rules or modify the boolean values instead of just turning it off.

Plus all of these tasks can be accomplished by the command line such as 'restorecon' allowing you to restore the original file security context very helpful if you modify something or want to return it to normal. Red Hat has an excellent system in place and Fedora 8 is cutting edge I use both RHEL5.1 Server at work and Fedora 8 at home.

SELinux = Granular control over the system this is mandatory today with vital personal data and the fact identity theft is on the rise. Fedora 8 has multiple improvements I am still exploring some of the new features... ;)

Reply Score: 3