Why SELinux Matters in Real-World Applications
1. Stops Zero-Day Exploits from Spreading
Imagine a web server (e.g., Apache or Nginx) gets hacked because of an unknown vulnerability.
Without SELinux, the attacker might gain full control over the system, read sensitive files like /etc/shadow, or inject malicious binaries.
With SELinux enforcing policies, even if Apache is compromised, it can only read and write files it is explicitly allowed to access (e.g., /var/www/html).
It can't read /etc/passwd, touch databases in /var/lib/mysql, or modify system binaries.
2. Protects Against Misconfigurations
Sometimes, human error is the biggest threat.
For example:
- An engineer accidentally leaves database credentials in a public directory.
- SELinux policies can block a process from reading files outside its expected directories, even when the ordinary file permissions set with chmod would allow the read.
3. Multi-Tenant or Shared Systems
If a server runs apps for different clients or departments:
- Without SELinux: Any compromised app can attempt to access another app’s files.
- With SELinux: Each app runs in a confined domain; one app cannot interfere with another.
4. Real Corporate Example
- In 2019, a financial institution’s Linux web app was hacked.
- Attackers uploaded a malicious script that tried to open a reverse shell to exfiltrate data.
- SELinux in Enforcing mode denied the script’s attempt to connect to the attacker’s server — the intrusion was detected before any data left the network.
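The denials described in sections 1 and 4 (a confined web server refused access to /etc/shadow or the MySQL data directory, and refused an outbound TCP connection) are recorded by the kernel as AVC records in the audit log. The script below is an added example, not code from the original post: it summarizes enforced denials from such a log and flags a blocked outbound connect. The log lines are constructed for the example and follow the kernel's AVC record layout; PIDs, inodes, the port number and timestamps are made up, and the last line models a domain that was switched to permissive (logged but not blocked).

```shell
#!/bin/sh
# Added example (not from the original post): summarize enforced SELinux AVC
# denials from an audit log. The sample log is constructed; on a live system
# the same records come from /var/log/audit/audit.log or `ausearch -m avc`.

SAMPLE_AUDIT_LOG="$(mktemp)"
cat >"$SAMPLE_AUDIT_LOG" <<'EOF'
type=AVC msg=audit(1700000001.001:101): avc:  denied  { read } for  pid=2201 comm="httpd" name="shadow" dev="dm-0" ino=4321 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000001.001:101): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1700000002.002:102): avc:  denied  { name_connect } for  pid=2201 comm="httpd" dest=4444 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000003.003:103): avc:  denied  { write } for  pid=2201 comm="httpd" name="mysql" dev="dm-0" ino=777 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000004.004:104): avc:  denied  { read } for  pid=2201 comm="httpd" name="passwd" dev="dm-0" ino=4320 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
EOF

# Print one line per *enforced* denial: "source_type permission target_type class".
# Records with permissive=1 were only logged, not blocked, so they are dropped;
# records without a permissive= field (older kernels) are kept as enforced.
avc_denials() {
    # $1: audit log path
    grep 'type=AVC' "$1" | grep -E 'avc: +denied' | grep -v 'permissive=1' |
    sed -E 's/.*[{] ([^}]*) [}].*scontext=[^:]*:[^:]*:([^:]*):[^ ]* tcontext=[^:]*:[^:]*:([^:]*):[^ ]* tclass=([^ ]*).*/\2 \1 \3 \4/'
}

# Count enforced denials whose source type is $2 (e.g. httpd_t).
count_denials_for() {
    # $1: audit log path, $2: source type
    avc_denials "$1" | awk -v d="$2" '$1 == d' | wc -l | tr -d ' '
}

# Exit 0 when source type $2 was denied an outbound TCP connect
# (the blocked reverse-shell case described in the post).
denied_outbound_connect() {
    # $1: audit log path, $2: source type
    avc_denials "$1" | awk -v d="$2" '$1 == d && $2 == "name_connect" { found = 1 } END { exit found ? 0 : 1 }'
}

echo "Enforced denials (source_type permission target_type class):"
avc_denials "$SAMPLE_AUDIT_LOG"
echo "httpd_t denials: $(count_denials_for "$SAMPLE_AUDIT_LOG" httpd_t)"
if denied_outbound_connect "$SAMPLE_AUDIT_LOG" httpd_t; then
    echo "ALERT: httpd_t was blocked from opening an outbound TCP connection"
fi
```

Running it prints three enforced denials for httpd_t (the shadow read, the outbound connect, the write into the MySQL directory) and the alert line; the passwd read with permissive=1 is excluded, which is the point of the filter: a denial logged in permissive mode never protected anything. Feed the functions a real audit log path to get the same report on a live host.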
Commands Used in This Case
# Install SELinux packages
sudo yum install -y selinux-policy selinux-policy-targeted policycoreutils
# Disable SELinux (persistent setting in /etc/selinux/config; it takes effect at the next boot)
sudo vi /etc/selinux/config
# Change SELINUX=enforcing to SELINUX=disabled, then verify the change
grep SELINUX= /etc/selinux/config
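One caveat on the verification step: the stock /etc/selinux/config carries comment lines that also contain "SELINUX=", so the bare grep prints more than the live setting, and the file only describes the mode applied at the next boot, not the mode the kernel is running now (getenforce reports that). The helper below is an added example, not code from the original post; it reads the effective SELINUX= value while ignoring comments and whitespace and, when getenforce is available, compares it with the running state. The sample file is constructed to mirror the layout of a stock config.

```shell
#!/bin/sh
# Added example (not from the original post): read the effective SELINUX=
# setting from an /etc/selinux/config-style file and compare it with the
# running kernel state. The sample config below is constructed.

SAMPLE_CONFIG="$(mktemp)"
cat >"$SAMPLE_CONFIG" <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these values:
SELINUXTYPE=targeted
EOF

# Print the configured mode (enforcing|permissive|disabled), ignoring comment
# lines and surrounding whitespace; the last assignment wins. Exit 1 if absent.
selinux_config_mode() {
    # $1: path to the config file
    awk -F= '/^[[:space:]]*SELINUX[[:space:]]*=/ { gsub(/[[:space:]]/, "", $2); v = $2 }
             END { if (v == "") exit 1; print v }' "$1"
}

# Exit 0 when the on-disk setting matches the running kernel mode, 1 when it
# does not (typically a pending reboot), 2 when it cannot be determined.
selinux_mode_matches_runtime() {
    # $1: path to the config file
    configured="$(selinux_config_mode "$1")" || return 2
    if ! command -v getenforce >/dev/null 2>&1; then
        echo "getenforce not available; configured mode is $configured" >&2
        return 2
    fi
    running="$(getenforce | tr '[:upper:]' '[:lower:]')"
    [ "$running" = "$configured" ]
}

echo "Lines a bare grep matches: $(grep -c 'SELINUX=' "$SAMPLE_CONFIG")"
echo "Effective configured mode: $(selinux_config_mode "$SAMPLE_CONFIG")"
if selinux_mode_matches_runtime "$SAMPLE_CONFIG"; then
    echo "Running mode matches the config file"
fi
```

Point it at the real file with `selinux_config_mode /etc/selinux/config`; a return code of 1 from `selinux_mode_matches_runtime` after editing the file simply means the change has not been applied by a reboot yet.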