  1. #1
    Join Date
    Feb 2004
    Location
    Phoenix, AZ
    Posts
    162

    Does anyone enable SELinux on a DS?

    If you've ever enabled SELinux, you know how difficult it can be to deal with. Does anyone enable it on their DS and does it really enhance security?
    bigwrench

  2. #2
    Join Date
    Apr 2007
    Posts
    3,513
    It does enhance security but it does conflict with a lot of third party programs and control panels.
    - Buying up websites, side-projects and companies - PM Me! -

  3. #3
    Join Date
    Oct 2007
    Location
    CA,USA
    Posts
    320
    As ZanyHost says, he has a lot of issues with third party programs.

    I've had issues with SELinux doing that.

  4. #4
    Join Date
    Mar 2009
    Location
    Israel
    Posts
    1,204
    It depends on the type of applications you run on your server and who is actually using it.

    For my personal machines (servers / home PC) I run SELinux enabled with my own rules compiled into it - works like a charm. I like the idea of knowing I have an extra layer of security.

    Of course I use the targeted policy setup, not the strict one; I don't need file access levels (who does on a home PC?).

    Anyhow, never had issues with SELinux, it just takes a bit longer to configure your server with it enabled.

    I recommend you put it in permissive mode and learn the logs, then you could move up to Enabled mode after you've got all your booleans and contexts set the way you like them.

    For your last question: yes, it really enhances the security, as it is no longer only Unix permissions based, but along with Unix permissions you also have per-process permissions.

    Not an easy setup if you don't know how to use it.


    *edit*
    I forgot to mention, for clients which ask for SELinux Enabled dedicated systems, we install RHEL - and only for the managed clients. It's not a good idea to give someone an un-managed SELinux Enabled machine; it can drive a person crazy if he does not know what SELinux is.
    Last edited by Beast5; 08-21-2009 at 01:39 PM.
    beast5.com - Managed Hosting Solutions 2004 - 2016
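
The permissive-mode workflow recommended in post #4 (read the logs first, then set booleans and contexts) comes down to tallying AVC denials. The following is an added example, not code from any poster in this thread, that groups denials by source type, target type, object class and permission. The log lines are constructed samples in the usual audit.log AVC layout, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample records (not from the thread): three AVC denials
# logged in permissive mode plus one SYSCALL record that must be ignored.
SAMPLE_LOG = """\
type=AVC msg=audit(1250861940.101:411): avc:  denied  { read } for  pid=2311 comm="httpd" name="index.html" dev=sda1 ino=48211 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1250861940.101:411): arch=40000003 syscall=5 success=yes comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0
type=AVC msg=audit(1250861952.730:415): avc:  denied  { read getattr } for  pid=2314 comm="httpd" name="style.css" dev=sda1 ino=48219 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1250861960.004:419): avc:  denied  { name_connect } for  pid=2311 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
"""

# One AVC record: permission set, then source/target contexts and class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize_denials(log_text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        if "type=AVC" not in line:
            continue  # SYSCALL, PATH and other record types carry no denial
        m = AVC_RE.search(line)
        if not m:
            continue  # malformed or granted record
        src, tgt = context_type(m["scon"]), context_type(m["tcon"])
        for perm in m["perms"].split():  # "{ read getattr }" is two denials
            counts[(src, tgt, m["tclass"], perm)] += 1
    return counts

def report(counts):
    """Format the tally, most frequent denial first."""
    return [f"{n:3d}  {s} -> {t} [{c}] {p}"
            for (s, t, c, p), n in counts.most_common()]

if __name__ == "__main__":
    print("\n".join(report(summarize_denials(SAMPLE_LOG))))
```

Repeated denials against one target type usually point at a file label to fix or a boolean to set rather than at a new custom rule.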

  5. #5
    Join Date
    Aug 2007
    Location
    Belgium
    Posts
    4,183
    We always disable selinux by default due to some conflicts we experienced in the past.
    www.InstantDedicated.com - Online in no time
    Dedicated Servers in [EU] Netherlands with DAILY support, also on weekends
    DDOS Protected network - 100% Money Back if it doesn't work for you
    Streaming / IPTV allowed | Up to 10 Gbit ports | 100% Network Uptime

  6. #6
    Join Date
    Jan 2005
    Location
    San Francisco/Hot Springs
    Posts
    988
    SELinux is easy to deal with if you know what you're doing, but most folks just turn it off because they don't want to deal with generating rules. If you're counting on SELinux to save you, you've already lost, though. If you need security, switch to FreeBSD or OpenBSD. Way less hassle with way more security, and it's faster a decent amount of the time too.
    AppliedOperations - Premium Service
    Bandwidth | Colocation | Hosting | Managed Services | Consulting
    www.appliedops.net

  7. #7
    What do you mean when you say enable it on DS?
    Sorry, I'm new to these forums.

  8. #8
    Join Date
    Jan 2003
    Location
    SLC
    Posts
    2,058
    What do you mean when you say enable it on DS?
    Sorry, I'm new to these forums.
    "enable it on a dedicated server"
    Lowest Host/Empire Technology LLC
    Offering Quality Shared, Reseller, VPS servers, and Dedicated Servers
    24x7 Tech Support http://empire-hosting.net
    XEN Servers Now http://xenserversnow.com - Budget XEN VPS /

  9. #9
    Join Date
    May 2009
    Location
    Denver, Colorado
    Posts
    190
    We disable it by default on all dedicated servers because a lot of clients have a problem dealing with it, since most are unfamiliar with its usage. If you have good security, i.e. secure your tmp directory, use a firewall, etc., there is no real need to use SELinux. I think it is more of a pain than it is worth, quite honestly.
    Mean Servers - Mean Business
    █ Denver & Los Angeles - Web Hosting | Reseller Hosting | VPS Virtual Private Servers | Dedicated Servers | Managed Services
    Mean Servers - www.MeanServers.com

  10. #10
    Join Date
    Jan 2005
    Location
    San Francisco/Hot Springs
    Posts
    988
    Quote Originally Posted by redrocksdatacenter View Post
    If you have good security, i.e. secure your tmp directory, use a firewall, etc., there is no real need to use SELinux.
    There are a lot of people who'd disagree. Linux is pretty easy to break into if you don't have it configured... The recent release of ZF05 really illustrates how important user level security is, and how trivial it is to get somewhere on a typically set up system. Sure, good /tmp security is handy, but that's one tiny step in the right direction; you really need a comprehensive lockdown to avoid being owned up by some hacker or a worm.
    AppliedOperations - Premium Service
    Bandwidth | Colocation | Hosting | Managed Services | Consulting
    www.appliedops.net

  11. #11
    Join Date
    May 2009
    Location
    Denver, Colorado
    Posts
    190
    True, but you can't just rely on SELinux alone. I merely listed a few very basic steps most people overlook (as sad as that is). SELinux is designed to complement other security measures, not be the only one. Hence why I think SELinux is more trouble than it's worth. Sure, it has a few good features that are extremely useful, but if you take other precautions, it isn't a necessary function for everyone.
    Mean Servers - Mean Business
    █ Denver & Los Angeles - Web Hosting | Reseller Hosting | VPS Virtual Private Servers | Dedicated Servers | Managed Services
    Mean Servers - www.MeanServers.com
