SE Linux?

Discussion in 'Developers' Forum' started by webstergd, Feb 2, 2006.

  1. webstergd

    webstergd ISPConfig Developer

    What are the current plans for implementing SE Linux with ispconfig? most linux distro's support SE Linux and we would only need to create SE Linux context files. However, that is easier said then done. Once my work load lightens up I can start working on this for apache but until then if anyone is interested in starting this project please look at:

    http://fedora.redhat.com/docs/selinux-apache-fc3/
     
  2. falko

    falko Super Moderator

    Right now there are no plans for doing this. I think it will be very, very complex to inetgrate SELinux with ISPConfig as ISPConfig deals with so many services. This will be for very experienced sysadmins only...
    But if you know an easy way how to do it, then we can try to implement it. :)
     
  3. webstergd

    webstergd ISPConfig Developer

    stepping stones

    I was thinking we could make stepping stones. Redhat allows your to be able to turn off deamons that are monitored by SE Linux. I am sure other os's have something close to that also. From there we could disable SE Linux and on most of the deamons our software is using and start with one deamon. Knock that out and more on from there.

    As far as wirting the context tables...Apache shouldn't be that bad. MySQL should be very hard. The website I posted earlier should allow someone to make a simple context file for Apache. It would not be super "LOCKED DOWN," but it would still be much more secure.

    Maybe we could post a request on sourceforge for an SE Linux expert. I could get something working but I am no expert.
     

Share This Page