7

Through my (short) job experience to date, I have gained quite a bit of knowledge of how SELinux works, from an implementation point of view and how to administer it.

I personally have several qualms with SELinux, such as it seems to be overly complicated in many regards to the point that security seems to be very hard to reason about. So, I'd like to know how warm the industry is to SELinux.

Do you employ SELinux on one of your production servers? If so, what kind of success do you have? No seriously divulging details, but do you work for an organization that is involved with Government (DoD/DoJ, defence contractor, etc.)? Are there non-government companies that find this useful?

Jeremy Powell

3 Answers

3

SELinux does a good job at exposing the sheer complexity of an entire Linux system. Modern Fedora and RHEL systems get a lot of [SELinux] attention and for the most part you won't know SELinux is "running" (it is not a daemon; it is mostly hooks in the kernel coupled with a security policy for decision making).

An interesting (sometimes frustrating) aspect of security is the question "what's it doing?" or "is it working?". Well if it is working you might not ever know. If you are running a web server and it has just been staying up, then you might not know a couple of exploits were even tried against your system.

As for Government, there are public sources (listing of government projects and the like) that seem to point to MAC (Mandatory Access Control, i.e. SELinux) being used, and possibly quite heavily. Government systems, depending on deployment and what information a system holds, have to meet certain criteria before being used.

As for private companies, I don't know. If they need the integrity that SELinux brings to the table, then they should.

In the end security is really risk management and choosing the right level of effort. Also security is an ongoing effort, not something you merely turn "on".

rev
  • Aren't there any 'spy' programs to follow the policies in play? – Anders Eurenius Jul 30 '09 at 16:28
  • It's definitely a risk management, but you can't do risk management without being able to measure the assurance that SELinux is giving you. And you definitely can't measure it if we never know it's working. – Jeremy Powell Aug 13 '09 at 14:27
  • 1
    Part of risk management is your security goals. Defining them is the hardest part. But once you have them you will take several courses of action. If SELinux is part of your solution then it would be wise for you to do analysis on applications and services of interest. 1) There are tools to do policy analysis (sesearch, sechecker, apol, sediff). 2) One of the advantages in the design behind SELinux policy is that it is centralized, i.e. only one place to do analysis. Is SELinux the answer? Depends on your goals. Does SELinux work? LSM hooks in the kernel are hit and enforced. Is security easy? No. – rev Aug 18 '09 at 15:06
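
The "is it working?" question in the answer and comments above can be approached by counting what the policy actually denied. The following is an added example, not code from any poster on this page; it assumes the Linux audit log's AVC record format, and the sample lines and the names `summarize_denials` and `context_type` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in audit.log AVC format (not from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1249056000.101:311): avc:  denied  { read } for  pid=2101 comm="httpd" name="shadow" dev=dm-0 ino=1181 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1249056000.101:311): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1249056003.440:312): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=6667 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ircd_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1249056010.009:313): avc:  denied  { read write } for  pid=2101 comm="httpd" name="shadow" dev=dm-0 ino=1181 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1249056020.500:314): avc:  granted  { setenforce } for  pid=3001 comm="setenforce" scontext=root:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Decision, permission set, then the source/target contexts and object class.
AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}"
    r".*?\bscontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)"
    r"\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context

def summarize_denials(log_text):
    """Count denied (source type, target type, class, permission) tuples."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # SYSCALL, PATH and other record types carry no decision
        m = AVC_RE.search(line)
        if m is None or m.group("result") != "denied":
            continue  # malformed record, or an audited grant
        src = context_type(m.group("scontext"))
        tgt = context_type(m.group("tcontext"))
        for perm in m.group("perms").split():
            counts[(src, tgt, m.group("tclass"), perm)] += 1
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, perm), n in summarize_denials(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src} -> {tgt}:{cls} {{ {perm} }}")
```

In permissive mode the same records are logged although the access is allowed, so check `getenforce` before reading a count as blocked actions.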
3

A lot of shops that I know of would like to use SELinux, but are not able to. Many vendors that build their products for RHEL, for example, explicitly require SELinux to be shut off. As long as joints like Oracle do not properly support SELinux, I don't see it taking off big time, except on web servers (on which I would always leave it on!). SELinux isn't that complicated anymore. If you look at RHEL4 and RHEL5 and compare how complicated SELinux is on both, the difference is huge. If you compare Fedora 11 to RHEL5, the difference is huge again. Big strides are made, but as long as guys like Oracle think SELinux is not worth supporting, you'll keep seeing a lot of people turning it off.

wzzrd
  • This is the big problem, many vendors want their application or service to just work; they are not going to spend money on making sure it works with SELinux. – rev Aug 18 '09 at 14:57
1

You don't have to customize SELinux and write your own profiles if you just want to provide an additional layer of security around many well-known servers and daemons. The default configuration in some good Linux distributions will increase the security level of your system in case a service is being attacked with a working exploit.

Federico
  • This is true. For example, Fedora and RHEL5 are supported by Red Hat and they support their customers, so policies like apache get a lot of attention. – rev Aug 18 '09 at 14:36