[CentOS] selinux stuff - I just don't get

Mon Nov 14 15:57:52 UTC 2005
David Thompson <thomas at cs.wisc.edu>

Peter Farrow wrote:
>I agree 100% I don't need it to make a system secure.
>
>>and it appears still that your confidence that you can secure systems
>>without it gets in the way of any efforts to learn how it may benefit
>>you.

Having an agent like selinux that knows and monitors the behavior of known 
processes, and prevents unexpected behavior, presents a second line of defense 
that _may_ prevent or mitigate an attacker's ability to take over a system.  
While certainly not a substitute for secure programming practices, it may 
lessen the impact of security holes that do exist in deployed applications.

Is it worth the added code complexity, configuration complexity, system 
resources, etc. required to use it?  That is a question that different admins 
will come to their own conclusions about.  Also, selinux is in its relative 
infancy, and there is currently both a shortage of expertise about it in the 
admin community, and problems in the current packaging (e.g. rule sets that 
break things in the default configuration) that are causing headaches.  As 
these issues are dealt with, folks may or may not decide that selinux enhances 
the security of their systems.  Some have already made their decisions.

We are currently running selinux in permissive mode.  Also, I had to remove 
some of the RPMs during the CentOS 4.2 update, because the RPM update wanted 
to scan every file in the ~4000 user home directories in our central file 
storage pool _from every host running the update_.  Oh, and that's a central 
file storage pool that doesn't even do ACLs.  Bad selinux.  No biscuit.

That being said, I would like to use selinux as _one_ piece of our security 
infrastructure.  But there are several issues that need to be solved before I 
do so.

Dave Thompson
UW-Madison