SELinux

SELinux is an advanced security mechanism available for Linux-based systems. Think of it as one more guarding layer on top of regular user and group access rights in Linux. Since Fedora-based systems come with a sane default set of SELinux policies out of the box, we get this extra security for our servers almost for free.It’s true that many administrators ignore SELinux and argue that given the SELinux complexity, it’s not worth the trade-off. The thing is that SELinux can prevent a class of security vulnerabilities that Linux permissions simply cannot and provide an additional security layer in the spirit of defense-in-depth, a security concept advocating for more independent layers of protection.

Policies

Targeted SELinux

User and Role Enforcement

Type Enforcement

File Contexts

SELinux Booleans

SELinux Modes

Troubleshooting SELinux

auditd logs

sealert and audit2allow

Writing Policy Files

Policy Rules

Custom Policy Modules

Summary

Buy for $50

Rated 36x five stars

Gumroad (as of Aug 3, 2023)

I am using some scripts I downloaded from Josef Strzibny's book that are setting up Ruby on Rails deployment and automatically installing a PostgreSQL server. I am also using Dokku, but I like the idea of controlling what is happening on the server.

Lucian Ghinda, Senior Ruby Developer

Table of Contents