Peter Farrow wrote:
I agree 100% I don't need it to make a system secure.
and it appears still that your confidence that you can secure systems without it gets in the way of any efforts to learn how it may benefit you.
Having an agent like selinux that knows and monitors the behavior of known processes, and prevents unexpected behavior, presents a second line of defense that _may_ prevent or mitigate an attacker's ability to take over a system. While certainly not a substitute for secure programming practices, it may lessen the impact of security holes that do exist in deployed applications.
Is it worth the added code complexity, configuration complexity, system resources, etc. required to use it? That is a question that different admins will come to their own conclusions about. Also, selinux is in its relative infancy, and there is currently both a shortage of expertise about it in the admin community, and problems in the current packaging (e.g. rule sets that break things in the default configuration) that are causing headaches. As these issues are dealt with, folks may or may not decide that selinux enhances the security of their systems. Some have already made their decisions.
We are currently running selinux in permissive mode. Also, I had to remove some of the RPMs during the CentOS 4.2 update, because the RPM update wanted to scan every file in the ~4000 user home directories in our central file storage pool _from every host running the update_. Oh, and that's a central file storage pool that doesn't even do ACLs. Bad selinux. No biscuit.
That being said, I would like to use selinux as _one_ piece of our security infrastructure. But there are several issues that need to be solved before I do so.
Dave Thompson
UW-Madison