Wednesday, June 19, 2013

Trying to Tame SELinux

If you have ever had to fight with SELinux, you know how annoying it can be. In my experience, SELinux is a good layer of security if you have a good knowledge of what your applications can do. A good example would be a DNS or e-mail server, because the code and features they offer barely change.

On the other hand, trying to use SELinux with a complex system like a web application can be a drama unless it is integrated into the development cycle, which will not happen. These kinds of applications change constantly, and it takes effort and time to keep the policies updated, not to mention that the developers will pressure you because they just want to get things done. As a result, many sysadmins will get pissed off and will opt to simply disable SELinux to have an easy life.



The video below is a presentation that took place at the Red Hat Summit in 2012 and introduces SELinux in RHEL 6.


