SELinux Policy Editor: Removing micromanagement from administrative control

By | August 23, 2006

Administrators often criticize Security Enhanced Linux (SELinux) policies for being too complex, and they have a point. Mandatory access control-based administration is tedious and easy to misconfigure.

It can be tough to handle the extended security attributes across a range of users, processes and files or directories that encompass more than one server. Novell addresses this problem in its enterprise-class server offerings with the AppArmor suite of policy management applications, but nothing comparable exists yet for systems management in Red Hat enterprise servers (or CentOS derivatives).

Although it´s not included in the RHEL distribution, the SELinux Policy Editor (seedit), originally developed by Hitachi Software, fills that void. Seedit offers a suite of native front-end administration utilities. Even a seasoned SELinux system administrator will find seedit useful in daily use, especially in cases when a single policy oversees operations of multiple systems. Seedit provides a control panel with icons that correspond to status, management, policy generation, policy editing and policy application or re-labeling actions.Read Full Story

Leave a Reply