I Hate SELinux. You Can Too. (Linux+ Objective 2.5.1)
Рет қаралды 6,616
10 ай бұрынSELinux (Security Enhanced Linux) is a security system used in most RedHat based distributions. There's nothing really wrong with it, but it's confusing, frustrating, and far too complicated, in my humble opinion. Thankfully it comes with some pretty sane defaults.
It's OK if you don't hate it with me, but after this video, you'll be able to form an educated opinion of your own. Plus, it will prepare you for the Linux+ certification if that's something you're interested in getting!
The CompTIA Linux+ objectives are available here: snar.co/plusobjectives
WAYS TO SUPPORT SHAWN
---------------------------------------------
Patreon: / shawnp0wers
Merch: store.nerdlings.net
SuperStickers, etc!
WAYS TO SUPPORT EACH OTHER
-------------------------------------------------------
1) Be Kind
2) Answer comments/questions here
3) Ask/Answer questions on our Discord: snar.co/discord
WAYS TO FIND SHAWN OTHER PLACES
----------------------------------------------------------------
Landing Page: shawnp0wers.com
#linux #comptia #security
@charleschouteau2711 9 ай бұрын
Thank you Shawn, this is probably the clearest video about SELinux on youtube ! I remember discovering you like 10 years ago on the CBT nuggets videos for LPIC certification. Your enthusiasm, amazing teacher skills and your passion about Linux helped me a lot through the learning process, thank you for that and for the amazing content.
@shawnp0wers 9 ай бұрын
Thank you! It can be such a confusing beast, I'm glad my explanation makes sense! Also glad you found me here! :)
@Starcloud1986 4 ай бұрын
I completely agree with you! Thanks Shawn Powers!
@officialcaseyhalyn Ай бұрын
I love SELinux. Sure the config is a pain, but I learned how to read the log file, set Booleans, configure contexts, etc. with a little bit of learning and effort, you too can be an SELinux pro! It’s a great addition to your server security and has prevented my web server from getting compromised.
@cmtopchem 9 ай бұрын
I tried in vain to understand SElinux in CompTIA Linux+, but you describe it so simply that it is really fun. A well spent half hour.
@shawnp0wers 9 ай бұрын
Thank you!
@dreeastwood2500 9 ай бұрын
I want to thank you Shawn for your great content. I passed my exam today with your help. I found your videos a week ago and it was what I needed to not only reinforced what I had learned so far but actually allowed to me understand topics which other videos or course did not go into. Keep up the great work and I hope others find your content as informative as I did.
@shawnp0wers 9 ай бұрын
First off -- CONGRATS! And thank you, that means a ton to me! :)
@evanslawrence88 15 күн бұрын
Thank you Shawn. SELinux is definitely one of the most confusing topic on the Linux+ exam, but you have made it much more understandable.
@samu5167 9 ай бұрын
Thank you for the video. Feels like Internet has way too little information about SELinux.
@shawnp0wers 9 ай бұрын
It can be such a tough topic. And while this certainly doesn't cover every detail of it, my hope was to make what it does understandable, and dealing with it possible. (Instead of just turning it off, which I'll admit I've done a LOT of times myself!)
@SlinkyD 9 ай бұрын
This need to be the first intro to SELinux for everyone. I learned the hard way when it was rolled out. I hate it because it took me farther down the Linuxhole than I wanted to go.
@Agnubis 10 ай бұрын
My first job as a sysadmin had me work on CentOS machines and I just hated SELinux. I have yet to meet anybody who likes it. Like you said though, it came from a good idea but the implementation and its user-friendliness are debatable.
@brentsaner 6 ай бұрын
I like it. I deploy it in prod. It's proven to stop vulns that otherwise would have succeeded and given attackers access. There's a learning curve, but part of that is because of how flexible it is compared to something like AppArmor - just like any proper security engineering.
@szmonszmon 4 күн бұрын
You probably work with a people with skill issue. It happens...
@walter_lesaulnier 6 ай бұрын
The selinux log is hundreds of lines of the most incomprehensible log file I have ever seen. Great video- thanks. Helped my understanding a lot.
@shawnp0wers 6 ай бұрын
Glad it helped!
@DigitalMetal 10 ай бұрын
I also hate SELinux. I have very little experience with it but the experience i do have has always just been a headache. It doesn't seem to fix a problem and just makes things more complicated. If i don't want the web server accessing files, that's what file permissions or for. If I don't want people having web directories in their home directories, that's a setting in Apache. Adding a second step just confuses things and is more likely to break something.
@kjakobsen 10 ай бұрын
I think its a pity, that people have such a hate, for a technology this important. Even the teachers i had for Linux, teached us to turn it off completely. I don't like when we teach bad practices.
@shawnp0wers 10 ай бұрын
I understand the concern over teaching bad practices - the thing about SELinux is that the added security it offers, particularly is the bulk of situations, pales in comparison to its complexity and the frustration it causes. A security practice is only as good as it’s usability, in a practical sense. Don’t get me wrong, I really do understand your frustration, and agree in spirit. But “the juice isn’t worth the squeeze” in my experience. I wish that weren’t the case.
@Agnubis 10 ай бұрын
I tend to agree with Shawn with the caveat that if you work on systems that should be made highly secure in huge companies (yes, it's anyway always a good idea to harden your machines) you're going to want to use all the tools that you have at your disposal. If that means getting your hands dirty with SELinux and getting experienced with it, it'll probably be worth it in the long run as long as your team has a proper documentation that comes with how it's used on servers. However, just because something is important, like SELinux is, does not mean we can't dispute how it was implemented and its apparent complexity. I know that not everything can be made simple but especially when it comes to security which is so important nowadays, it's a good idea to, when possible, consider this when creating features (keeping in mind when SELinux was created, of course).
@szmonszmon 4 күн бұрын
"I Hate SELinux because it does what it was made to do" - corrected xD
@TirajAdikari 5 ай бұрын
Thank you Shawn .. you managed to make me hate SELinux too :D
@4thatfilm 7 ай бұрын
semanage @27:28 vs. setsebool
@JayAdams-km5fq 9 ай бұрын
Thanks!
@stanleyogadachinedu2736 2 ай бұрын
Thank you
@stanleyogadachinedu2736 Ай бұрын
I hate AppArmor lol
@sveu3pm 8 ай бұрын
great video.only why do you verlbalize commands so much. its much easier to do 0 1 2 then permissive enforcing and whatever is 3 shit. same with on off. off is 3 letters, 0 is only one. and you have to memorise off because it can theoreticaly also be disabled, or disable or remove
@sirmongoose 7 ай бұрын
I hate se linux. Learned about it for months, kept getting permission context errors. Couldn't get anything to work so I just disabled it entirely
@12six69 Ай бұрын
lmao