|
|
|
|
|
|
by garethsaxby
3701 days ago
|
|
|
I found that this talk (selinux for mere mortals) was good for me to start off - https://www.youtube.com/watch?v=cNoVgDqqJmM After that, Red Hat's documentation was probably the next most useful thing for getting started; https://access.redhat.com/documentation/en-US/Red_Hat_Enterp... But mostly it was a lot of proding and poking whilst setting various things up that helped a lot, and remembering that when something doesn't work, to check selinux first. The 'settroubleshoot-server' package for the Red Hat based distributions is also good whilst you're getting started in dev, as it takes the avc logs and 'guesses' what the likely cause of the problems you've had are, giving percentage likelihoods of the policies and booleans that might be causing problems. |
|
|
If you configuring logging correctly -- or just be aware of it, really, you can always optimize later -- you are no longer SysAdmin-ing blind.