• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 432
  • Last Modified:

SE Linux management > Is it best set to Enforcing mode . Disabled? (fedora 14) - Linux n00b


Mate set it like this on a test box.

Should I revert to Permissive or enforcing?

HAving no joy setting up SWAT and Im wondering if this is the spanner in the setup works.

0
fcek
Asked:
fcek
3 Solutions
 
farzanjCommented:
Enforcing is good but you have to know what you are doing.  If you are using GUI and SELinux tools, it gives you tips what to do.

Set it to permissive and make sure everything is running that way it is running.  Make sure to check the logs and SELinux messages in Permissive mode that informs about issues.  Once all the issues are resolved, set it to enforcing.

Most people in the Linux world don't know how to use SELinux and therefore hate it.  It is a very good tool provided that you know how to use it and you can reap the full range of security benefits if you can write your own policies!

If you don't care about this extra layer of security and want to avoid hassle, you may simply disable it.
0
 
fosiul01Commented:
You should use Permissive or disabled...

best is just disabled it.

you will have to be really really good in linux to use selinux with every services....

I hardly see people use selinux  , and most of the time you will see linux base software is saying, turn off the selinux ..

example. if you go for Virtual server, selinux will be off straight way..

so dont worry about selinux.. just disable it for time being.

0
 
arnoldCommented:
SELinux is a tool that helps secure one's system from different type of attacks. And in an event when an attack gets on the server, selinux in some cases will make it harder for the attacker to further damage/compromise the system.

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now