Configuring SELinux with community modules
We now looked at how to get a system up and working using SELinux under Puppet. We can go ahead and build a module to manage our policies by hand, but why not use a module someone else has invested time into. We're better off contributing work back to make an existing module better if it can be made to work for us.
In this section, we'll be looking at the spiette/selinux module that contains a more complete solution to manage SELinux on Puppet.
This module can handle setting SELinux to any of the three modes (disabled, permissive, and enforcing). It can also handle compiling SELinux policy modules and installing them on hosts. This allows you to track the more easily handled plain text versions of the files ...
Get Learning Puppet Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.