Open Source Software and Linux

Dec 9 2008   12:47AM GMT

SELinux on Ubuntu



Posted by: Xjlittle
Tags:
centos
linux security
red hat
selinux
ubuntu

The other day after installing Ubuntu on one of my test machines I noticed that there was an ls -Z command which shows various selinux information about files and directories.

Running this command however gave some strange output, primarily ? marks. I thought this was a little strange but had other things that I needed to do at the time and decided that I would look into it later.

This weekend was that time. Let me say that I use SELinux on my Red Hat and CentOS machines and think that it is a very good way to help secure a machine. However it is anything but intuitive. If it weren’t for some very good documentation at Red Hat I probably never would have been successful at using this security tool. Mind you I’m no guru with it but I have six servers using it and I know how to troubleshoot SeLinux problems.

Which brings me to the part about Ubuntu and SELinux that I find disturbing. Doing some Google searching I ran across two pages regarding Ubuntu and SELinux. Both of them had no usable information in them other than how to install SELinux. Nothing about what to expect, how to troubleshoot, what a context or a boolean is nor did it mention if Ubuntu provided any troubleshoooting tools like setroubleshoot. You can find these two pages here and here.

The documentation only warned that SELinux is for experienced users. While that is an understatement how do they expect people to start using it to protect their machines? It would seem to indicate that they have no real interest in their users having the ability to use SELinux. I personally think that is a shame. I also believe that it is going to hurt their efforts at becoming enterprise ready especially with their server product. I certainly won’t be installing Ubuntu on any of my critical machines.

-j

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: