Tags: SELinux

How to Set Up SELinux Right, the First Time

When you need to run Linux in an especially secure environment, SELinux is the answer. But it takes some know-how to get the hypersecure Linux version up and running. Twenty years ago, when it became apparent how important Linux would become, the U.S. National Security Agency created a mandatory...
Read 0 Comments

A SysAdmin's Guide to SELinux: 42 Answers to the Big Questions

"It is an important and popular fact that things are not always what they seem…" ―Douglas Adams, The Hitchhiker's Guide to the Galaxy Security. Hardening. Compliance. Policy. The Four Horsemen of the SysAdmin Apocalypse. In addition to our daily tasks—monitoring, backup, implementation, tuning,...
Read 0 Comments

Understanding SELinux Labels for Container Runtimes

"I've just started to deal with some software that is containerized via Docker, and which is ordinarily only ever run on Ubuntu. Naturally this means nobody ever put any thought into how it will interact with SELinux. "I know that containers get a pair of randomly chosen MCS [Multi-Category...
Read 0 Comments

​Why You Must Patch the New Linux sudo Security Hole

If you want your Linux server to be really secure, you defend it with SELinux. Many sysadmins don't bother because SELinux can be difficult to set up. But, if you really want to nail down your server, you use SELinux. This makes the newly discovered Linux security hole -- with the sudo command that...
Read 0 Comments

Writing SELinux Modules

SELinux struggles to cast off its image as difficult to maintain and the cause of potential application problems. Yet in recent years, much has changed for the better, especially with regard to usability. For example, modules have replaced its monolithic set of rules. If you want to develop a new...
Read 0 Comments

Writing SELinux Modules

SELinux struggles to cast off its image as difficult to maintain and the cause of potential application problems. Yet in recent years, much has changed for the better, especially with regard to usability. For example, modules have replaced its monolithic set of rules. If you want to develop a new...
Read 0 Comments

SELinux, Seccomp, Falco, and You: A Technical Discussion

One of the questions we often get when we talk about Sysdig Falco is “How does it compare to other tools like SELinux, AppArmor, Auditd, etc. that also have security policies?” To help answer some of those questions, we thought we’d present a summary of other related security products and how they...
Read 0 Comments
Click Here!