Include selinux in Server Security Check?

adept2006
Junior Member
Posts: 4
Joined: 26 Dec 2006, 23:51

Post by adept2006 »

Apparently, Security-Enhanced Linux (selinux) isn't as secure as the title implies... :eek: - see post by katmai: http://forums.cpanel.net/showthread.php?t=55944

Would it be worth adding another check in the csf Server Security Check to warn if selinux is enabled?

(also, could this be another item addressed by the CS Server Service Package?)

bloggerman
Junior Member
Posts: 25
Joined: 20 Jan 2007, 04:26

Post by bloggerman »

adept2006 wrote:
> Apparently, Security-Enhanced Linux (selinux) isn't as secure as the title implies... :eek: - see post by katmai: http://forums.cpanel.net/showthread.php?t=55944
>
> Would it be worth adding another check in the csf Server Security Check to warn if selinux is enabled?
>
> (also, could this be another item addressed by the CS Server Service Package?)

Never has and never will be secure. These guys here at ConfigServer are on top of it all, it seems, as I have CSF on _A LOT_ of our servers and I am very pleased with it. SELINUX sux0rz, period!

sebby
Junior Member
Posts: 48
Joined: 11 Dec 2006, 19:26

Post by sebby »

[CentOS4 w all CS scripts installed]

Everyone seems to be biased when it comes to Selinux...
Is disabling selinux an official recommendation of the ConfigServer Team?

Regards,

/sebastien

chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

AFAIK, cPanel won't function correctly on a server with SELinux fully enabled, only in permissive/disabled modes.

sebby
Junior Member
Posts: 48
Joined: 11 Dec 2006, 19:26

Post by sebby »

To your knowledge, is the following message generated by Selinux:

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Feb  7 18:50:56 server2 filelimits: Increasing file system limits succeeded

These log files are great but how can we find out what generated them?

chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

sebby wrote:
> To your knowledge, is the following message generated by Selinux:
>
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> Feb  7 18:50:56 server2 filelimits: Increasing file system limits succeeded
>
> These log files are great but how can we find out what generated them?

That's nothing to do with selinux. cPanel runs a script regularly that checks the current open file descriptor limit in the kernel and compares it to how many files are actually open. If the second value is approaching the first then the script pokes a new value for the open file descriptor limit into the kernel. It then also redoes this when the server is rebooted.

This helps to keep the server stable and optimises file descriptor performance.

It's perfectly normal to see this happening and is very common indeed on newly commissioned servers as load is applied to them.

Nothing to worry about.
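The comparison chirpy describes, sketched as an added example that is not part of the original thread and is not cPanel's script. It assumes the limit in question is the kernel's `fs.file-max`, read together with current usage from `/proc/sys/fs/file-nr`; the 80% threshold and the function names are assumed for illustration. It only reports and never writes a new limit.

```shell
#!/bin/sh
# Added example (not cPanel's code): read-only check of file-handle headroom.
# Assumption: the limit is fs.file-max, as reported in /proc/sys/fs/file-nr.

THRESHOLD_PCT=80   # assumed threshold; the thread gives no figure

# fd_usage_pct "<allocated> <unused> <max>" -> prints integer percent in use.
# /proc/sys/fs/file-nr holds exactly these three whitespace-separated fields.
fd_usage_pct() {
    read -r alloc unused max extra <<EOF
$1
EOF
    # Reject short, long, or non-numeric input instead of guessing.
    if [ -z "$max" ] || [ -n "$extra" ]; then return 2; fi
    case "$alloc$unused$max" in *[!0-9]*) return 2 ;; esac
    [ "$max" -gt 0 ] || return 2
    in_use=$(( alloc - unused ))      # handles actually in use
    echo $(( in_use * 100 / max ))
}

# fd_status "<file-nr line>" -> prints ok, near-limit, or unparseable.
fd_status() {
    pct=$(fd_usage_pct "$1") || { echo "unparseable"; return 2; }
    if [ "$pct" -ge "$THRESHOLD_PCT" ]; then
        echo "near-limit"
    else
        echo "ok"
    fi
}

# Report on the live kernel values when they are readable (Linux only).
if [ -r /proc/sys/fs/file-nr ]; then
    line=$(cat /proc/sys/fs/file-nr)
    if status=$(fd_status "$line"); then
        echo "file-nr: $line -> $status ($(fd_usage_pct "$line")% in use)"
    else
        echo "file-nr: $line -> $status"
    fi
fi
```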