Re: Selinux

Ray Parrish wrote:
Hello,

I get the following error message when starting System Monitor -

** (gnome-system-monitor:9044): WARNING **: SELinux was found but is not
enabled.

I've researched SELinux, and found that it is a Security enhancement for
Linux. I used Synaptic Package manager, and it appears that only the lib
files for this is installed, not the main package itself.

Should I be concerned?

Thanks, Ray Parrish


Honestly, no. The SELinux packages are very good for systems that
require much more granular security settings. Web servers, application
servers, file servers, anything where multiple people access the server
for any number of reasons. This lets you set very specific settings on
per-file/per-user/per-almost anything basis.

A basic desktop system at home probably doesn't need it, but the base
SELiux settings are permissive enough to let things run without any
trouble (usually) and let you audit the system periodically for any
misconfigured settings.

Personally, I don't run it on my normal desktop system, but I do on my
webservers, proxy server and mail server just to keep an eye on things,
even though they are very low traffic. Even those systems get ssh
sniffed a half dozen times a day or so, so it's good to keep a lookout.
I also run samhain for file integrity checking, but that's a whole other
can of worms.

As it is, installing and running SELinux in permissive mode probably
won't hurt anything. although you may find certain apps won't function
out of the box if SELinux doesn't have a correct config for them. It
happens much less often now, so I don't see that as a problem.

As for what Karl says, don't listen to him, he knows so little about
security it's really kinda frightening.


--
Mark Haney
mhaney@xxxxxxxxxxxxxxxx
Fedora release 9 (Sulphur)
Kernel: 2.6.25.10-86.fc9.i686 GNU/Linux

16:31:50 up 3 days, 6:20, 2 users, load average: 0.96, 0.77, 0.85




--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Relevant Pages

  • Re: Win2k3 Security Settings Break PerfMon
    ... This can be disabled using Local Security Policy ... This was one of the settings that I modified while troubleshooting the ... > You didn't say what the operating system is of the servers you are having ... a bevy of security templates which automate the ...
    (microsoft.public.win2000.security)
  • RE: Cluster not compatible with Windows Server 2003 Security Guide NTL
    ... transitioning a cluster to the Windows Server 2003 Security Guide settings. ... all of the servers in the clusters and reboot. ...
    (microsoft.public.windows.server.clustering)
  • local security policy
    ... I'm trying automate the configuration of security settings on new w2k ... The servers will all be standalone servers. ... that exported template to new servers in post-installation scripts. ...
    (Focus-Microsoft)
  • Re: Exporting effective security of Server.
    ... > I need to provide our security audit team with an "effective security ... settings" output from a selection of servers. ... effective security settings of a server to an .inf or .sdb file? ...
    (microsoft.public.win2000.security)
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    ... Would there be a reason to implement floating labels in SELinux? ... In this case fireflier would need to do only this: ... To have all tasks assigned a security structure, ... * A task has accessed this file, add the task's SID to the group SID of ...
    (Linux-Kernel)