BLAG

BLAG Forums
It is currently Sun Dec 21, 2014 5:31 am

All times are UTC




Post new topic Reply to topic  [ 9 posts ] 
Author Message
PostPosted: Wed Aug 01, 2007 10:38 pm 
Offline

Joined: Sun Mar 25, 2007 11:33 am
Posts: 240
Location: Great Lakes
I was reading about Vista vulnerabilities and came accross a refernece to "SELinux". I checked with wikipedia, and read about it, but I'm not sure how or if this affects my use of Linux on a desktop.

Can someone define how, or if, SELinux is in BLAG? Is that even a correct question?

Thanks,
Mike H


Top
 Profile  
 
 Post subject:
PostPosted: Wed Aug 01, 2007 10:43 pm 
Offline

Joined: Sat Sep 02, 2006 12:22 am
Posts: 122
SELinux is in BLAG, I don't think it's used, but I don't have a clue what it does either...


Top
 Profile  
 
 Post subject:
PostPosted: Wed Aug 01, 2007 10:53 pm 
Offline

Joined: Sat Jun 09, 2007 4:16 pm
Posts: 56
SELinux is in BLAG but deactivated :
Code:
# grep selinux /boot/grub/grub.conf
kernel          /boot/vmlinuz-2.6.21-1.3228.fc7 ro root=LABEL=blag rhgb quiet selinux=0


For a desktop system, it is, today, more annoying than it is useful...[/code]


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 02, 2007 2:13 pm 
Offline
Site Admin

Joined: Wed Mar 17, 2004 6:17 pm
Posts: 1340
Location: London, UK
Code:
 nl /etc/selinux/config
     1  # This file controls the state of SELinux on the system.
     2  # SELINUX= can take one of these three values:
     3  #       enforcing - SELinux security policy is enforced.
     4  #       permissive - SELinux prints warnings instead of enforcing.
     5  #       disabled - SELinux is fully disabled.
     6  SELINUX=disabled
     7  # SELINUXTYPE= type of policy in use. Possible values are:
     8  #       targeted - Only targeted network daemons are protected.
     9  #       strict - Full SELinux protection.
    10  SELINUXTYPE=targeted


Luckily it's disabled by default in BLAG [line six]. More annoying than useful for me.

_________________
BLAG 'em up!


Top
 Profile  
 
 Post subject: Permissive
PostPosted: Sat Aug 11, 2007 11:32 pm 
Offline

Joined: Sun Aug 13, 2006 8:26 pm
Posts: 42
selinux=0 is the default, because not all of selinux is installed by default. This is understandable, considering our past experiences with it. However, with the work that Fedora has done with selinux targeted contexts, I think it is better to run selinux in permissive mode, than it is to disable it. That way your contexts are set for all your files in case you wish to enable selinux (targeted, unless you're masochistic).

I use selinux with all my systems in enabled (targeted) mode, and have found it to be quite useful.


Top
 Profile  
 
 Post subject:
PostPosted: Sun Aug 12, 2007 12:58 am 
Offline

Joined: Sun Mar 25, 2007 11:33 am
Posts: 240
Location: Great Lakes
What is SELinux for? Why would one use it?


Mike H


Top
 Profile  
 
 Post subject: SELinux
PostPosted: Sat Aug 18, 2007 5:10 pm 
Offline

Joined: Sun Aug 13, 2006 8:26 pm
Posts: 42
SELinux is the overarching, kernel level security manager, based on (in Fedora) targeted security contexts. Of course, one could set the entire NSA style configuration, but your context configurations will take an eternity to configure (let alone comprehend).


Top
 Profile  
 
 Post subject: What does it protect ??
PostPosted: Sat Oct 20, 2007 3:00 pm 
Offline

Joined: Fri Sep 03, 2004 10:34 pm
Posts: 186
Location: Ontario, Canada
Hi Y'all,

Does any one know what SELinux is supposed to protect ??

Am I at risk doing on-line banking or watching streaming flash video etc with SELinux=0 ??

Thanks

Rob

_________________
Registered Linux User # 342652 Mandriva One 2007 Spring


Top
 Profile  
 
 Post subject:
PostPosted: Sat Oct 20, 2007 6:31 pm 
Offline

Joined: Fri Nov 18, 2005 3:07 am
Posts: 699
It basically affects how easy an executing file can break out of it's alloted running area and start doing stuff to the rest of the system. Supposedly it works, if it's set up correctly, which some people claim it doable, yet I've seen it mess up Red Hat Enterprise system messed up on default installs because of selinux.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group