Linked by Thom Holwerda on Wed 21st Nov 2007 13:58 UTC, submitted by Rahul
Fedora Core "We all appreciate that when we turn on our Linux systems they're pretty secure. Thanks to continuing improvements to SELinux, it is increasingly easy for users to take advantage of this powerful security tool. Read on to find an interview with Daniel Walsh, the principal developer of SELinux in Fedora from Red Hat, where he tells us more about what SELinux does and how it's improved in Fedora 8. At the end of the article are some screenshots which show off the new policy creation GUI."
Fedora 8
by Arkansas_Rebel on Fri 23rd Nov 2007 01:38 UTC
Arkansas_Rebel, member since 2007-11-03

The easiest way to load is to copy the boot disk image to your drive, then partition it out with /boot, /, swap, /home, /usr and /var. You can make /home on a logical partition, leaving space on the end of your drive by creating a logical volume.

LVM management allows you to resize your drive, adding space easily from the command line (with pvcreate, vgcreate, lvcreate and mkfs.ext3), then create a directory and place it in /etc/fstab. Not to mention ACL, usrquota, suid and numerous other options you can perform on your storage, or maybe create an extra logical volume for stuff you want to keep.

It is always best when performing installation to have separate partitions or volumes for different parts of the file system. This helps if you have a problem, or you can boot to run level 1 or emergency, being able to mount or umount partitions that may have trouble. Plus, this allows you to really lock your system down further with SELinux, with setfacl's....

Also, they have iced_tea java included now, so downloading Sun's Java is now optional. The options in any Linux distro are just about limitless for any customization you want to do. I have found many excellent books that proved to be quite helpful from Barnes & Noble, Books a Million, and several online ones. It is more convenient for me to drive to a city to purchase the books than to order from the internet if they have it in stock.

I am going to purchase a book on SELinux because I will have to become very inept inside and out since I will be deploying several new Red Hat 5.1 Server installs in the new IBM Blade Centers. I will leave the firewall enabled along with SELinux; however, I will have to do quite a bit of research on what booleans and context I need to leave defined to not break applications for the end users.

Reply Score: 1

RE: Fedora 8
by netpython on Sat 24th Nov 2007 10:01 in reply to "Fedora 8"
netpython, member since 2005-07-06

SELinux has notably matured with FC8.

I installed FC8 on my mother's PC. She only needs to browse the web.

I changed her user role to xguest_u in the SELinux manager and checked relabel on next boot. Thus every network connection is not allowed except browsing the web, which is the usage scenario.

Very safe.

Oh, and adding for example ssh capability to the xguest user account is as simple as:

1) grep ssh /var/log/audit/audit.log | audit2allow -R -M myxguest
2) semodule -i myxguest.pp
3) check relabel on next boot and reboot

Reply Parent Score: 2

RE[2]: Fedora 8
by netpython on Mon 26th Nov 2007 16:48 in reply to "RE: Fedora 8"
netpython, member since 2005-07-06

Oh, and adding for example ssh capability to the xguest user account is as simple as:

1) grep ssh /var/log/audit/audit.log | audit2allow -R -M myxguest
2) semodule -i myxguest.pp
3) check relabel on next boot and reboot

More here:

Monday, November 26th, 2007
http://danwalsh.livejournal.com/

Reply Parent Score: 2
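
An added example, not part of the posts above: before the lines selected in step 1 are turned into a policy module, this summarises which AVC denials `grep ssh` actually picked up, so each source type, target type and permission can be reviewed. The function names `sample_log` and `summarize_avc` are hypothetical, and the audit lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed audit.log lines (illustrative only, not from a real system).
sample_log() {
  cat <<'EOF'
type=AVC msg=audit(1196000001.101:41): avc:  denied  { name_connect } for  pid=2301 comm="ssh" dest=22 scontext=xguest_u:xguest_r:xguest_t:s0 tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1196000002.202:42): avc:  denied  { name_connect } for  pid=2307 comm="ssh" dest=22 scontext=xguest_u:xguest_r:xguest_t:s0 tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1196000003.303:43): avc:  denied  { read } for  pid=2410 comm="firefox" name="known_hosts" dev=dm-0 ino=131 scontext=xguest_u:xguest_r:xguest_t:s0 tcontext=xguest_u:object_r:ssh_home_t:s0 tclass=file
type=USER_LOGIN msg=audit(1196000004.404:44): user pid=2500 uid=0 msg='acct="guest" exe="/usr/sbin/sshd" res=success'
type=AVC msg=audit(1196000005.505:45): avc:  denied  { create } for  pid=2600 comm="ping" scontext=xguest_u:xguest_r:xguest_t:s0 tcontext=xguest_u:xguest_r:xguest_t:s0 tclass=rawip_socket
EOF
}

# Read audit lines on stdin and print one line per distinct denial:
#   count source_type -> target_type:class { perms } comm=name
summarize_avc() {
  awk '
    /avc:[ ]+denied/ {
      perms = ""; src = ""; tgt = ""; cls = ""; comm = "?"
      # Permissions are the text between the braces.
      if (match($0, /[{][^}]*[}]/)) {
        perms = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perms)
      }
      for (i = 1; i <= NF; i++) {
        # Contexts are user:role:type:level; the type is the third field.
        if ($i ~ /^scontext=/)      { split(substr($i, 10), a, ":"); src = a[3] }
        else if ($i ~ /^tcontext=/) { split(substr($i, 10), a, ":"); tgt = a[3] }
        else if ($i ~ /^tclass=/)   cls = substr($i, 8)
        else if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
      }
      count[src " -> " tgt ":" cls " { " perms " } comm=" comm]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
  ' | sort
}

# Same selection as step 1, summarised for review instead of piped to audit2allow.
sample_log | grep ssh | summarize_avc
```

On the constructed input the text match also selects a denial logged for `firefox`, because its target context contains the string `ssh`; the summary makes that visible before `semodule -i` loads the module.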