[CentOS] securing sshd with selinux

Hajo Locke

hajo.locke at gmx.de
Tue May 17 13:00:43 UTC 2011


Hello List,

dont have experience with selinux, but i want to know if it would be a 
practicable way to secure sshd with selinux.
i have some webservers and want to grant ssh-access to some users. my plan 
ist to make new server where users are able to log in. the homes from 
webserver are mounted in by nfs etc.
i dont like chroot-env for ssh, a lot of disadvantages...
also i dont like if users would scrabble folders that doesn't concern them.
so i thought it would be possible to restrict users by selinux so they dont 
are able to see too much...  objective is to restrict users to there home 
(as far as possible) and run some typical programms like perl, php, some 
binaries and hide all other...
is this a useful scenario for selinux? If not, are there alternatives?

Thanks,
Hajo 




More information about the CentOS mailing list