Difference between revisions of "NewUsers"

From SELinux Wiki
Jump to: navigation, search
Line 20: Line 20:
 
! How to get it
 
! How to get it
 
|-
 
|-
|Red Hat Enterprise Linux (4+)
+
||Red Hat Enterprise Linux (4+)
|Default
+
||Default
 
|-
 
|-
|Fedora (2+)
+
||Fedora (2+)
|Default
+
||Default
 
|-
 
|-
|Ubuntu
+
||Ubuntu
|Hardened Ubuntu
+
||Hardened Ubuntu
 
|-
 
|-
|Debian
+
||Debian
|add-on
+
||add-on
 
|-
 
|-
|Gentoo
+
||Gentoo
|Hardened Gentoo
+
||Hardened Gentoo
 
|}
 
|}
  

Revision as of 15:33, 7 October 2009

This is a resource for new users, it explains in very broad terms what SELinux does, how to get it and so on.

What does SELinux do?

SELinux controls access between applications and resources. By using a mandatory security policy SELinux enforces the security goals of the system regardless of whether applications misbehave or users act carelessly. SELinux is capable of enforcing a wide range of security goals, from simply sandboxing applications to locking down network facing daemons and restricting users to only the resources they need to work.

How do I know if SELinux is on?

If you use Red Hat Enterprise Linux or Fedora it is enabled by default. To see whether it is actively enforcing the policy you can run getenforce: [root@localhost ~]# getenforce Permissive

How do I get it?

SELinux isn't a distribution by itself but a security enhancement to Linux that can be enabled by your distribution or vendor (or yourself if you are very motivated).

Distribution How to get it
Red Hat Enterprise Linux (4+) Default
Fedora (2+) Default
Ubuntu Hardened Ubuntu
Debian add-on
Gentoo Hardened Gentoo


Why do I have it?

Your distribution or vendor may have chosen to enable SELinux by default. They are doing this because they want added security protections on the versions of Linux they ship. A huge amount of effort has gone in to creating security policies that protect your system from intrusions while at the same time allow users to behave the way they normally do. Leaving SELinux enabled on these systems is a good idea because it can protect you from zero-day and known vulnerabilities while balancing your need to use your system the way you need to.

Where can I find help?

mail lists

fedora-selinux

ubuntu hardened

gentoo hardened

link to administrators and users

<additional resources>