How secure is Fedora without SELinux ?

Arthur Pemberton pemboa at gmail.com
Thu Aug 14 19:30:23 UTC 2008


On Wed, Aug 13, 2008 at 8:00 AM, David Jansen <jansen at strw.leidenuniv.nl> wrote:
> How secure is a current Fedora (9) system without SELinux? Of course it
> is less secure than the same system with SELinux enabled, but is it
> still at the same level of security as any other Linux distribution that
> doesn't come with SELinux enabled? or are there packages that depend on
> SELinux for their security, eg services that run as root on Fedora in
> stead of as an unpriviledged user, assuming that SELinux takes care of
> limiting root to what the service is supposed to do?
>
> (my actual problem was a machine running a web- and mailserver with lots
> of software that doesn't come from Fedora repositories, eg Joomla and
> other web applications, where I haven't managed to figure out how to
> make those things work together with SELinux)


I can tell you from experience... especially for these things that run
on the public internet, put in the time to get SELinux to work. This
may include rolling your own policies IF the things you are running
are of such a variety. As time passes by, the likelyhood that SELinux
saves your ass increases.


-- 
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )




More information about the fedora-list mailing list