SCIENTIFIC-LINUX-DEVEL Archives

November 2013

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Security ERRATA Low: selinux-policy enhancement update on SL6.x i386/x86_64
From:
Steven Haigh <[log in to unmask]>
Reply To:
Steven Haigh <[log in to unmask]>
Date:
Wed, 6 Nov 2013 17:01:47 +1100
Content-Type:
multipart/signed
Parts/Attachments:
text/plain (950 bytes) , signature.asc (849 bytes) 
On 6/11/2013 4:34 PM, Orion Poplawski wrote:
> On 11/4/2013 7:25 PM, Steven Haigh wrote:
>>
>> Do many people use SELinux in the enforcing mode?
>>
>> While I'm a bit old school, I don't know many people who even have
>> SELinux in permissive mode - let alone enforcing...
>>
> 
> I run SELinux in enforcing mode on almost all of our SL and Fedora
> servers and workstations.  Only exception is our compute machines due to
> some issue with gridengine/openmpi.  I view it as a very essential
> security component.

As part of your security policy - how do you test that SELinux is
actually doing what it is supposed to?

Apart from the obvious DENIED messages that it gives off, there doesn't
seem to be any way to check that it will actually stop unexpected access
to various system components.

Is there anything further than 'well, its enabled!'?

-- 
Steven Haigh

Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299

ATOM RSS1 RSS2