O'Reilly logo

Fedora Linux by Chris Tyler

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Using SELinux

Security Enhanced Linux (SELinux) is installed and enabled by default in Fedora Core. SELinux controls what a program is and is not allowed to do, enforcing security policy through the kernel. This prevents an attacker from using a compromised program to do something it was not intended to do.

Although SELinux can at times be challenging to configure, it dramatically improves protection against some common system attacks—so a little bit of effort can pay off in a big way.

How Do I Do That?

SELinux is managed using the same graphical tool used to manage the firewall. Click System→Administration→“Security Level and Firewall” to start it, then select the SELinux tab, shown in Figure 8-5.

Graphical configuration tool for SELinux

Figure 8-5. Graphical configuration tool for SELinux

There are three possible values for SELinux Setting:

Enforcing

Fully enables SELinux. Any attempted operation that violates the current security policy is blocked.

Permissive

Enables SELinux security checks but does not enforce the security policy; operations that violate the current security policy are permitted, but an error message is logged to record the event. This is useful if you have previously disabled SELinux and want to evaluate the potential impact before you enable it.

Disabled

Completely disables SELinux.

If you enable SELinux (using Enforcing or Permissive mode), expand the Modify SELinux Policy section by clicking the triangle. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required