Q: Why is Hal going on about SELinux again? A: Because I investigate lots of Linux intrusions that would have failed if SELinux was enabled. At least come and learn to criticize SELinux from a position of knowledge and not FUD.
Coming up March 9-10 is @hal_pomeranz's 6-hour course, "SELinux – Necessary and Not Evil!" 10% of this course will be donated to @RuralTechFund. What's your experience with SELinux? Good? Bad? Let us know! Course details & registration can be found here: ow.ly/7q7a50I6lHa

Feb 28, 2022 · 9:50 PM UTC

Replying to @hal_pomeranz
SELinux implementations require actually understanding how your system works. I think proponents of it (I am one myself) underestimate how high a bar that is.
Replying to @hal_pomeranz
Or just use BSD
Replying to @hal_pomeranz
I cannot overstate how impossibly difficult it is to attack a system running SELinux with setenforce 1. Even if it's got openings and misconfigurations, an attacker is going to make buckets of noise finding the flaws. Know who does ls -laZ? Nobody but attackers.
Replying to @hal_pomeranz
Have you noticed most how-tos, especially for CentOS and Red Hat, start with "disable selinux" as step 1? 🤪
Replying to @hal_pomeranz
Making things work in SELinux is not that hard. Just another system to learn.
Replying to @hal_pomeranz
I have no red team experience, but I’ve never been part of a blue/purple team (or Ops team) that involved a successful exploit of a SELinux enforced system. Did my servers take more time to set up and get operational? Yes. Did I ever have to rebuild them after getting pwned? Nope
This tweet is unavailable
Ubuntu has gone with AppArmor and so that’s the most natural choice for that platform. But SELinux is the choice on every other Linux platform.