Time to harden up – SELinux is no longer an option

(Last Updated On: June 10, 2015)

Time to harden up – SE Linux is no longer an option

From an Youtube video below! SEC Linux was designed by the NSA.

More from an insider:

because even if you gain permission
[4:36:21 PM] you can’t do anything
[4:36:28 PM] like lets say someone got the password
[4:36:40 PM] or gave themselves permission on /var/www/ directory
[4:36:42 PM] of your web server
[4:36:46 PM] won’t matter
[4:37:03 PM] if they don’t have the context via semanage -l | grep httpd
[4:37:08 PM] they won’t be able to do shit
[4:37:23 PM] its an additional layer of security in redhat and centos
[4:37:28 PM] and was developed by the NSA
[4:37:36 PM] most people turn it off
[4:37:38 PM] because they don’t understand it
[4:37:48 PM] and its very hard to configure the system using it
[4:37:51 PM] because every boolean value
[4:37:53 PM] has to be set
[4:37:59 PM] on every file, service and port
[4:38:06 PM] because it embeds itself into every file, service and port
[4:38:15 PM] so thats why people disable it
[4:38:30 PM] however they are actually doing themselves a disservice by doing so and putting themselves at high risk of hacking
[4:38:49 PM] in my opinion the best way to manage it would be to use Puppet

won’t matter
[4:39:12 PM] if they have an exploit
[4:39:16 PM] that can give them file level access
[4:39:19 PM] they can always get back in
[4:39:23 PM] with SELinux
[4:39:28 PM] SecurityEnhanced Linux mode
[4:39:29 PM] enabled
[4:39:35 PM] all exploits go out the window
[4:39:44 PM] u would literally need root access and SSH access
[4:39:51 PM] to be able to change the policy level context
[4:39:54 PM] on any file, port or process
[4:40:02 PM] in order to do anything
[4:40:05 PM] its super hardened
[4:40:33 PM] https://www.youtube.com/watch?v=dtclmj3H7ZU
[4:40:42 PM] this is some of the lecture i watched
[4:40:47 PM] even a guy from Redhat whose worked with the NSA
[4:40:51 PM] made this domain
[4:41:27 PM] http://www.quora.com/Who-is-using-SELinux-as-part-of-their-production-security-implementation-and-why



[4:41:39 PM] stopdisablingselinux.com




Join my FREE newsletter to learn more about securing your trading server

NOTE I now post my TRADING ALERTS into my personal FACEBOOK ACCOUNT and TWITTER. Don't worry as I don't post stupid cat videos or what I eat!

Subscribe For Latest Updates

Sign up to best of business news, informed analysis and opinions on what matters to you.
Invalid email address
We promise not to spam you. You can unsubscribe at any time.


Check NEW site on stock forex and ETF analysis and automation

Scroll to Top