Very few people actually understand SELinux, let alone implement it in their environments. Many companies I have worked with simply turn it off as a matter of course. I have even seen commercial software distributed for Enterprise Linux distributions which lists disabling SELinux as an installation step. As a result I felt it prudent that I get to grips with this technology both for my own understanding, and to help others.
With the advent of the GDPR this solution is no longer acceptable. Whilst this project does not intend to get into any debate on the meaning or implementation of the GDPR, it is based on the premise that in the event of an attack on a system (whether that attack was successful or not), it would have been better to have taken advantage of this additonal security layer than to have simply turned it off because it was deemed too complex or difficult to get working.
James Freeman - Quru solution architect
At this stage, this project does not aim to be a comprehensive coverage of SELinux - it is a huge and powerful security layer and there are many excellent references texts on it. I have always learned better by doing than by reading or sitting in a lecture or webinar, so I decided to come up with a set of labs where you can safely learn some of the more common SELinux fundamentals and hopefully demystify it.
As such the scope of this project is a very common scenario that I have come up against many times in my career:
MLS is beyond the scope of this project at this stage but may be added if there is a requirement for it.
The lab is available on Github.
Quru is a market leader in the technical development, deployment and support of Linux and open source solutions that help organisations to reduce costs and increase operational agility and capability. We have also developed multiple award-winning software solutions ranging from mobile phone apps to global enterprise systems. Quru is based in Somerset House on the banks of the Thames, right in the centre of London. More...