Manage it with Puppet

Jeff — Tue, 21 Feb 2017 16:10:57 +0000

Once upon a time, many years ago, I wrote a blog post titled Stop Disabling SELinux! as a response to seeing many users, hosting companies, and development shops disabling SELinux as a first resort without any consideration of the increased security it was bringing them. The post outlines -- in a few easy steps -- how to configure SELinux for a common Drupal setup. But it's applicable to any LAMP application (plus memcached). I'm still a big proponent of running SELinux, and continue to encourage its use. In that same vein, I'd like to share how we at Tag1 Consulting typically deploy SELinux configuration using Puppet. Levering a configuration management system such as Puppet enables us to deploy SELinux configuration across many hosts with minimal work, as well as ensuring nothing is ever missed by making configuration changes manually -- a must for any scalable (and stable!) infrastructure. Too Long; Didn't Read Version "Holy shit, I'm not going to read a multiple-page blog post just to see what this guy has to say about Puppet and SELinux, just show me the code!" OK, OK! I understand I can be long winded at times. If you just want to see Puppet...

Jeff Tue, 02/21/2017 - 08:10

Stop Disabling SELinux!

Jeff — Thu, 22 Dec 2011 15:48:37 +0000

I see a lot of people coming by #centos and similar channels asking for help when they’re experiencing a problem with their Linux system. It amazes me how many people describe their problem, and then say something along the lines of, “and I disabled SELinux...”. Most of the time SELinux has nothing to do with the problem, and if SELinux is the cause of the problem, why would you throw out the extra security by disabling it completely rather than configuring it to work with your application?

Jeff Thu, 12/22/2011 - 07:48