On 13/09/15 23:57, Peter wrote:
Hello, I have two questions.
1.How do I enable SElinux on my Linux mint 17 system? I just want simple default settings useful for an average user that mostly does web browsing.By the way I have tried google and found all of the information I looked at about enabling SElinux very confusing.I presume the following website is the main source of information on SElinx
Change the file: /etc/selinux/config ..to read: selinux=enforcing http://forums.linuxmint.com/viewtopic.php?f=90&t=109916
but I could not find how to enable SElinux from it.If this information is not on the website in a simple form my next question is
2.Why not?
There are two main ways to approach systems: 1) Learn as you go along / by error 2) Start with "Best Practice" and face a steep leaning curve Method #1 means you don't solve problems until you encounter them. Most are benign but it means you can get blind-sided from time to time. #2 Means you are more secure out of the box but stuff will just not work. SE Linux is simple to set up and simple to blindly configure by using: sudo audit2allow -w -a ...every minute that something stops working. The problem here is that if you run audit2allow without actually checking and understanding what you are doing then you might as well not use SE Linux (since you probably will allow malicious activity through anyway). There is an alternate SE Linux setting that makes notices rather than enforces them so you can set up your SE Linux rules over time. There is no check box in Linus to "Apply Protection Y/N" because computer systems are complex technologies. I am not running SE Linux on this machine and on a server where it is installed we had a Wordpress vulnerability exploited. Those "saboteurs" you speak of are only the gaps in our knowledge in how to maintain our own systems. I would suggest that you run SE Linux in a VM on your desktop so that you can see what it blocks without having impeding your use of the base system. Once you have learned all about SE Linux then use it as part of your overall security system. P