Top 10 SELinux Stories of 2007

    Date14 Jan 2008
    CategorySELinux
    22028
    Posted ByBrittany Day
    2007 was an interesting year for SELinux. Many issues were important and gained exposure, but what did you, the reader have to say about the most important articles in SELinux? There are many ways to judge this and one of them is by listing the most popular articles as chosen by our readers over the course of the year, based on hits. It isn't the only answer, but certainly an interesting one.

    Click through to see the list of the Top SELinux stories on Linuxsecurity.com for 2007. Also: For a COMPLETE list of all the SELinux articles that have ever appeared on LinuxSecurity.com, go here Easy to follow and organized by year, it's one of many, many resources avaialable at EnGardelinux.org with regards to SELinux.

    • #1: Don't Disable SELinux! (2007-06-25) - 3150 hits
      http://www.linuxsecurity.com/content/view/128596

      Josh Brindle commented on one of the most pressing issues with SELinux - that many companies decide to tell customers to disable it altogether instead of working through a different solution for a particular program. This was probably the most popular article of the year because SELinux still represents a strong learning curve and is still in a process of acceptance. When someone stakes a claim to not do what is likely common practice, chances are good people will want to know what they are saying.

      Bottom line: SELinux still has an aura of difficulty that convinces people to use the strategy of disabling the entire system. When Josh Brindle, an expert on the topic says "don't do this," people want to see if SELinux has evolved in a way that would replace this quick, easy and damaging strategy. Interestingly, the issue probably centers on the usability, not security effects, in disabling it.

      In other words, people are asking one main question above all others: Is the cost/benefit relationship of implementing SELinux changed? In this writers opinion, this has always been the biggest issue regarding SELinux, was the biggest issue for 2007, and will likely remain the critical issue in the year ahead.

    • #2: SELinux Constrains Samba Vulnerability (2007-06-01)- 3020 hits
      http://www.linuxsecurity.com/content/view/128413

      Samba is one of the most popular projects in open source. When there's a vulnerability that threatens it, and a solution exists that can contain the problem, people will be interested - 'Nuff said.

    • #3: SELinux Gets a Wiki (2007-05-18) - 2961 hits
      http://www.linuxsecurity.com/content/view/128245

      This addresses the usability issue. A Wiki can be an incredibly useful tool for learning about a program or application. If such a resource is created for SELinux especially on the popular Fedora distribution and the learning curve is still high, this should be no surprise.

    • #4: Secure Networking With SELinux (2007-05-31) - 2919 hits
      http://www.linuxsecurity.com/content/view/128403

      Another post coming from Josh Brindle. Again, he is one of the most visible experts on SELinux, and does a great job of addressing the most important issues in SELinux. Here, he addressed the recent improvements that came from the community and the differences between support in the early days and at the time of the article.

    • #5: Linus Torvalds on SELinux (2007-10-03) - 2757 hits
      http://www.linuxsecurity.com/content/view/129807

      Occassionally, the Linux Kernel Mailing list can get heated. In this instance, a discussion had started regarding whether or not LSM should remain the as the only security standard for the Kernel. As is sometimes the case, Linus Torvalds commented in a way that brought the comment some awareness. Whether or not Linus' reaction was taken out of context, the LSM issue is still an interesting one and harbors back on what strategy should drive Kernel security development. Are changes suggested because they are valuable? Or are they suggested because somebody wants to see something change? This friction (as can often be the case in any project) made it popular enough to make #5.

    • #6: Managing SELinux with SETools (2007-10-30) - 2374 hits
      http://www.linuxsecurity.com/content/view/130383 A great article by James Turnbull, another seasoned developer in the world of SELinux. This overview covered SETtools; specifically, apol which Analyzes SELinux policies, sediff which performs diffs on SELinux policy, seaudit, which analyzes audit messages and sechecker which checks SELinux policy. A worthwhile HowTo on these tools that most people found useful, and therefore popular.

    • #7: Kernel Space: A Simplified Security Framework for Linux (2007-10-10) - 2149 hits
      http://www.linuxsecurity.com/content/view/129966

      This was yet another article covering LSM and SELinux and which should take precedence. Is SMACK (Simplified Mandatory Access Control Kernel) good enough to replace whats there? The issue was that, according to many, the current security module would relegate security as an afterthought because it would require so much work to be integrated. The net result, it was argued, was that the liklihood of being avoided would increase, and security wouldn't be as effective. A great article summing up many of the most pertinent issues.

    • #8: Is SELinux Really too Complex? (2007-09-28) - 2105 hits
      http://www.linuxsecurity.com/content/view/129763

      Apparently, the Kernel issue was one of the more pressing issues. This article again covers the LSM, SELinux issue, with another interesting and compelling take on the importance of security within the kernel and where SELinux exists as a result.

    • #9: A Step-by-Step Guide to Building a New SELinux Policy Module (2007-08-23)- 2085 hits
      http://www.linuxsecurity.com/content/view/129044

      If you want help with making a new module, this article covers it. Obviously, based on its place on this list, this is one of the better HowTo's for doing just that. Easy to follow and informative, no wonder it comes in as #9 for the most popular SELinux article for 2007.

    • #10: Samba/SELinux Policy (2007-11-14)- 2049 hits
      http://www.linuxsecurity.com/content/view/130930

      Rounding out our most popular SELinux articles of 2007 is the 2nd showing by SAMBA and SELinux. A great HowTo by none other Dan Walsh, SELinux expert over at Red Hat, its proof that SAMBA security is at the forefront of many users minds. What's that mean? That SELinux is probably going to be involved.

    You are not authorised to post comments.

    LinuxSecurity Poll

    What is your favorite LinuxSecurity.com page/section?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    20
    radio
    [{"id":"73","title":"News","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"74","title":"Advisories ","votes":"4","type":"x","order":"2","pct":80,"resources":[]},{"id":"75","title":"HOWTOs","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"76","title":"Latest Features ","votes":"1","type":"x","order":"4","pct":20,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.