Linked by Eugenia Loli-Queru on Sun 11th May 2008 23:48 UTC
Linux has been described as one of the most secure operating systems available, but the National Security Agency (NSA) has taken Linux to the next level with the introduction of Security-Enhanced Linux (SELinux). SELinux takes the existing GNU/Linux operating system and extends it with kernel and user-space modifications to make it bullet-proof. If you're running a 2.6 kernel today, you might be surprised to know that you're using SELinux right now! This article explores the ideas behind SELinux and how it's implemented.
Thread beginning with comment 313823
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
RE: using it in production?
by superman on Mon 12th May 2008 10:28
in reply to "using it in production?"
Member since:2006-08-01
> I think moving forward to virtualization is much more popular.
You can do both.
And you can use SeLinux with virtualisation.
EC2 ( http://aws.amazon.com/ec2 ) permit SeLinux :
$ ssh root@ec2-xx-xxx-xxx-xxx.compute-1.amazonaws.com getenforce
Enforcing
Btw, my personnal system :
$ /usr/sbin/getenforce
Enforcing
A log of RHEL / Fedora have SeLinux in Enforcing mode.
Member since:
2005-12-16
I haven't seen it enabled on too many servers. Redhat and Fedora enables SElinux by default (what quickly gets turned off by the admins), pbly the problem not just that the average admins don't have enough experience in RBAC/DAC but applying it in production environment is hard (qaing a mirror of the system then applying it on the main server, and still can something go wrong) to accomplish especially if you want to install new packages on the servers from time to time, not just configuring a box for dns server, then using the basic selinux configuration and leave it that way.
I think moving forward to virtualization is much more popular. I even doubt the nsa use selinux on their own servers.