[lotuseclat79]

LinuxWorld article (4 pages) here.

A security framework originally published by the US National Security Agency has begun to rack up an impressive list of protections agains security holes.

-- Tom

P.S. Some folks get paranoid when NSA is mentioned. There is no reason for this with regard to SELinux software when you can get the finer grain of blocking security that it offers after you get compromised and it stops the worst that can happen from happening - for example, if the root account has been compromised by malware, it can policy block changing the root password - see article for more.

Note: I checked my own Ubuntu Live CD (7.10) Gutsy Gibbon and there are some installed SELinux libs, not all of the tools, but enough to consider installing the entire set.

[tomdkat]

I've been putting off configuring a SELinux enabled FC7 server I'm building because it can be "challenging", to put it nicely, to get things up and running with SELinux but I'm looking forward to the educational experience.

I just need to get motivated....

Peace...

[lotuseclat79]

Hi tomdkat,

I assume you meant that SELinux was default enabled in FC7, and you would be reconfiguring it from its default settings - which I would save to be able to restore if needed.

-- Tom

[tomdkat]

Quote:

Originally Posted by lotuseclat79

Hi tomdkat,

I assume you meant that SELinux was default enabled in FC7, and you would be reconfiguring it from its default settings - which I would save to be able to restore if needed.

Sort of. I like to build the servers I run from source (grab the latest versions, etc) so I don't install Apache or MySQL when I install Fedora Core. As a result, I've got to do the SELinux setup by hand since the files that set that up for me don't get installed. Right now, I'm fighting with getting VsFTPd running with SELinux and I need to get the config files setup right so I can login remotely, etc.

Peace...