SELinux: practicality vs Security?

[GuardMoony]

Ok, Most of you people probably came a cross this before. Trying to configure a new linux and getting nowhere just because SELinux is enabled.

So i taught lets ask some questions to the hak5 community and see what they think of SELinux. ( Not going in to the topic if its more secure :p )

• What is the standpoint of you guys on SELinux ( Good, Bad, Only made to annoy people, ... )?
• Do you make use of it?
• Did you ever wrote rules for this?
• Do you use it in combination of self compiled software?
• In witch scenario do you use it?

If you got some questions yourself, Feel free to add em.

[Jason Cooper]

There are a lot of factors that you have to think about before deciding if you should or shouldn't use SELinux. Sometimes you find that you don't have a choice, the software you are wanting to run just doesn't work with SELinux or there is a legal/contractual requirement to be running SELinux.

If there is no obvious reason that SELinux has to be used or can't be used then it comes down to a call of risk versus cost versus outlay. The risk includes things like: How many people can access it? How much do you trust those people that can access it? What is the probability that they can break in? What can they do when they have broken in?

As the numbers of users increase the risk goes up. The less trustworthy your users are the risk goes up. The more complex your setup then the higher the probability that someone will be able to find a way in increases, and the risk goes up. If they get in and can use the machine to pivot into the rest of the your network then the risk goes up.

The costs to be considered are how much will it cost you if someone does break in. This includes both the cost of clean up and the damage to your reputation and what else can they gain access to once they are in the server.

The outlay to be considered is how much will you have to spend on security (maintenance/administration in the case of SELinux).

Once you have an idea of those two you can look at your security objectively. If the risk presented from the server was low and the cost low, yet the outlay quite high (i.e. a lot of time to get the SELinux permissions configured, or needing to reconfigure them every time you update the server). Then it wouldn't be worth using SELinux. If on the other hand the outlay was still high, but you had a very high risk with a reasonably high cost, then SELinux may well be worth the outlay. If your setup works fine with the default SELinux permissions then the outlay is very low and there wouldn't be much reason not to use SELinux.

For the majority of tasks where you have to make significant configuration changes to the server/software, you will probably find that the outlay on SELinux's outweighs the risks and costs involved (especially if you are already using defence in depth methodology and separating your services onto different machines).

Another thing to remember with SELinux is that it is only any use if you know what you are doing when granting and denying permissions. If you just keep granting permissions to make every error you see go away without understanding what it is then you don't have any security as you the first time someone tries something nasty and you see the error and "fix it" by granting permissions the next time they try to do the same nasty thing they will be allowed.

[GuardMoony]

Thanks for your nice explained answer Jason. Hope some more people will answer :)

Just want to get the general feeling about it :)