What types of deployments/applications/systems, etc. should I first look to leverage SELinux in?
Initially, SELinux will serve on Internet facing servers that are performing few, specialized functions, where it is critical to keep extremely tight security. Such a box would typically be stripped of all extra software and services, and run a very focused service or set of services, such as a Web server or mail server. In these edge servers, you can lock down the policy very tightly. This is made easier by the smaller number of interactions with other components. Similarly, a dedicated box running a specialized third-party application would be a good candidate. For the future, SELinux is targeted at all environments. In order to get there, the community and ISVs (independent software vendors) will need to work with the SELinux developers to produce the necessary policy. So far, a very restrictive strict policy has been written, as well as a targeted policy that focuses on specific, vulnerable daemons.
Related Questions
- What are the five types of electronic temperature sensors most often used in HVAC DDC systems? What are their applications, advantages and disadvantages?
- Did you know that Metal Building Systems have been widely used for all types of commercial, industrial, and community applications?
- What types of deployments, applications, and systems should I leverage SELinux in?