[CentOS] an actual hacked machine, in a preserved state

Tue Jan 3 09:26:29 UTC 2012
Benjamin Donnachie <benjamin at py-soft.co.uk>

On 3 January 2012 02:30, Bennett Haselton <bennett at peacefire.org> wrote:

> In other words, when SELinux causes a problem, it can take hours or days
> to find out that SELinux is the cause -- and even then you're not done,
> because you have to figure out a workaround if you want to fix the
> problem while keeping SELinux turned on.


Unfortunately, good security is hard.  I didn't understand SELinux a few
years back and turned it off but didn't realise that a php application on
my webserver left me vulnerable.  Sure enough, one day I was attacked but
luckily I had set the permissions up very tightly and they were unable to
cause any damage.

These days, I wouldn't leave it to chance and would keep SELinux as an
additional layer of security; yes it's annoying at times, yes it can be
difficult to get right but investing a few hours now is better than taking
your critical systems down for days in the future.  There are lots of
resources out there to help you understand it - ones I have used in the
past include:


http://www.amazon.co.uk/SELinux-Source-Security-Enhanced-Linux/dp/0596007167/ref=sr_1_2?ie=UTF8&qid=1325582583&sr=8-2
  http://www.ibm.com/developerworks/linux/library/l-selinux/
  http://www.ibm.com/developerworks/linux/library/l-rbac-selinux/

SELinux isn't a panacea and should be combined with other security
precautions, but it will help you when the attackers come knocking on your
server if you take the time to configure it properly.

Ben