Configuring SELinux with community modules

We now looked at how to get a system up and working using SELinux under Puppet. We can go ahead and build a module to manage our policies by hand, but why not use a module someone else has invested time into. We're better off contributing work back to make an existing module better if it can be made to work for us.

In this section, we'll be looking at the spiette/selinux module that contains a more complete solution to manage SELinux on Puppet.

This module can handle setting SELinux to any of the three modes (disabled, permissive, and enforcing). It can also handle compiling SELinux policy modules and installing them on hosts. This allows you to track the more easily handled plain text versions of the files ...

Get Learning Puppet Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.