Discussion:
SeLinux
(too old to reply)
c***@free.fr
2024-07-27 22:40:01 UTC
Permalink
Hello

I have checked this doc,
https://wiki.debian.org/SELinux/Setup

Is selinux necessary in a production environment? Will it affect running
services such as web, database, mail, etc., causing potential problems?

Thanks.
--
corey hickman
Greg Wooledge
2024-07-27 22:50:01 UTC
Permalink
Hi,
Post by c***@free.fr
Is selinux necessary in a production environment?
"Will my door still function as a door if it has no lock on it?"
More like "Will my door still function as a door if it has a lock, but
isn't covered with metal spikes?"
jeremy ardley
2024-07-27 23:40:01 UTC
Permalink
Post by Greg Wooledge
Hi,
Post by c***@free.fr
Is selinux necessary in a production environment?
"Will my door still function as a door if it has no lock on it?"
More like "Will my door still function as a door if it has a lock, but
isn't covered with metal spikes?"
The analogy is more like, your house has windows that someone could
break and crawl through, but when they try and take your TV out the door
it's double deadbolted and the alarm has already started blaring.

The downside being you need two keys and have to punch in a security
code every time you go through the door.

jeremy ardley
2024-07-27 22:50:01 UTC
Permalink
Post by c***@free.fr
Hello
I have checked this doc,
https://wiki.debian.org/SELinux/Setup
Is selinux necessary in a production environment? Will it affect running
services such as web, database, mail, etc., causing potential problems?
Thanks.
I have set it up multiple times on cloud servers which handle eCommerce
applications. If nothing else, running SELinux in permissive mode shows
just what mischief eCommerce applications can get up to. They do things
including writing new content to disk and sending emails, both of which
are a potential problem.

In my opinion, SELinux should be mandatory on any internet facing facing
machines. The reason is that the machine *will* at some stage be
compromised and the task is to limit any exploits, which is exactly what
SELinux is designed to do.

Coincidentally I've just finished installing SELinux on my
router/firewall. It's more difficult with Debian than Redhat where
SELinux is maintained and is often deployed oh RHEL servers.
Andy Smith
2024-07-27 22:50:01 UTC
Permalink
Hi,
Post by c***@free.fr
Is selinux necessary in a production environment?
"Will my door still function as a door if it has no lock on it?"
Post by c***@free.fr
Will it affect running services such as web, database, mail, etc.,
causing potential problems?
"Has any computer software ever been misconfigured?"

Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Loading...