Slashdot Mirror

← Back to Stories (view on slashdot.org)

Red Hat Boosts SELinux With RHEL 5

Posted by kdawson on from the reducing-false-alarms dept.

E. Stride writes "Many IT managers find Security Enhanced Linux, or SELinux, to be wildly complex. The mandatory access controls originally developed by the NSA have developed a reputation for being too complicated to deal with, and many IT shops simply turn the feature off. However, Red Hat's Dan Walsh says it's the only way to ensure 100% protection in the data center."

3 of 175 comments (clear)

  1. I'm not sure of the advantages over xp sp2 by King_of_Prussia · · Score: 0, Troll
    It adds a "security center" which badgers people into running Windows Firewall, having antivirus software and letting security updates be downloaded and installed automatically. But that's not all!

    There are some neat updates to the wireless networking stuff, adding pretty boxes to make the whole thing somewhat more comprehensible to your average computer user, complete with a huge "this is an open network, anyone can connect to it!" type message.

    The update also adds the "information bar" to IE, a little bar that slides down when it blocks a pop-up or activex control. You have to click the bar and then click the right option on the menu to get either things to display. Dialog boxes make more sense: yes/no in activex prompts has been replaced with "install/don't install" and a "never install from [whoever]" option added. "Open/Save" becomes "Run/Save" in the dialog box for download executables. Little shields pop up all over the place to alert you if you're about to do something insecure.

    Compare this to SELinux, which -- quite apart from screwing things up whenever I try to install it -- has all sorts of insecure services that no-one would use enabled by default. If you sign up to something like the Mandrake security mailing list, you get a ludicruous number of emails -- and I don't think SELinux has any real equivalent to this completely-hands-off automatic update functionality.

    So which OS is more secure? Windows gives you the tools you need, while SELinux gives you just enough rope to hang yourself with.

    Incidentally, Snape dies so Harry can kill Voldemort and survive

    --

    Making the moon less necessary since 1998.

  2. No thanks by Blackknight · · Score: 0, Troll

    SELinux is a huge pain in the ass and most apps don't support it. I know that Cpanel doesn't work with it which is pretty much the industry standard for web hosting control panels. I've even got our kickstart server configured to boot every new server with selinux=0, we simply don't have time to screw around with it trying to make things work.

    The traditional unix security model is fine, it's worked for over 40 years, why change it now? People that need more restrictions are free to install selinux, grsec, openwall, or anything else that they want, we don't need SELinux shoved down our throats by Redhat or any other vendor.

  3. The only SELinux tip you will ever need: by skinfitz · · Score: 0, Troll


    Edit /etc/selinux/config

    Make sure you have this line:
    SELINUX=Disabled

    Save the file and reboot.

    Discover that all those things you couldn't get working on Linux suddenly start working meaning no, you don't have to go back to Windows.