On 28/7/24 06:30, cor...@free.fr wrote:
Hello
I have checked this doc,
https://wiki.debian.org/SELinux/Setup
Is selinux necessary in a production environment? Will it affect running
services such as web, database, mail, etc., causing potential problems?
Thanks.
I have set it up multiple times on cloud servers which handle eCommerce
applications. If nothing else, running SELinux in permissive mode shows
just what mischief eCommerce applications can get up to. They do things
including writing new content to disk and sending emails, both of which
are a potential problem.
In my opinion, SELinux should be mandatory on any internet facing facing
machines. The reason is that the machine *will* at some stage be
compromised and the task is to limit any exploits, which is exactly what
SELinux is designed to do.
Coincidentally I've just finished installing SELinux on my
router/firewall. It's more difficult with Debian than Redhat where
SELinux is maintained and is often deployed oh RHEL servers.
