How to secure your Ubuntu 22.04 default installation with SELinux
MAR 2, 2024 - Written by Yves Soete, Blacksight LLC. Visit us to use our free website security scanner on scanner.blacksight.io
Get notified when new articles drop: visit blacksight.io/blog to subscribe.
Running the default Ubuntu install as a server or desktop might not be the smartest choice if you want to be as secure as possible. SELinux is a security enhancement to Linux for security-sensitive projects. We advise installing SELinux on top of the default Ubuntu 22.04 server or desktop install.
The default Ubuntu install sets up AppArmor, a Linux application security system that is easy to use, but SELinux might be a better solution for more demanding security requirements, customer setups or infra standardization. Both AppArmor and SELinux work through the Linux Security Module (LSM) interface, but Linux permits only one of them to be active at a time.
1. Stop and disable AppArmor at startup
sudo systemctl stop apparmor
sudo systemctl disable apparmor
2. Install SELinux and enable it
sudo apt install policycoreutils selinux-basics selinux-utils -y
sudo selinux-activate
3. Check status of the install
getenforce
4. Reboot & Verify config status
Reboot the instance (make sure you can reach the server via the management console, or can log in with a user that has sudo access: no remote root SSH login will be accessible with SELinux active) and, after the reboot, check the config file.
Note: this can take a while, since SELinux will relabel your files and directories on first startup.
grep '^SELINUX=' /etc/selinux/config
Check that the output is the line: SELINUX=permissive
5. Modify to enforcing
sudo nano /etc/selinux/config
Change the SELINUX=permissive to SELINUX=enforcing
6. Reboot and check status again
getenforce
Now you will see the system is set to Enforcing.
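A check that fits between step 4 and step 5, as an added example that is not part of the original article: while the system is permissive, SELinux only logs what it would have blocked, so reviewing those denials shows what will break once enforcing is on. The function names and the log lines are constructed for illustration, and the script assumes auditd is installed and writes AVC records to /var/log/audit/audit.log.

```shell
#!/bin/sh
# Added example: pre-flight check between step 4 and step 5.
# Function names and the auditd log path are assumptions, not from the article.

# Print the value of the active SELINUX= line (comments and SELINUXTYPE= ignored).
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Summarise AVC denials as "count comm source_type class", most frequent first.
avc_summary() {
    grep -E 'avc: +denied' "$1" 2>/dev/null |
    sed -n 's/.* comm="\([^"]*\)".* scontext=[^:]*:[^:]*:\([^:]*\):.* tclass=\([a-z_0-9]*\).*/\1 \2 \3/p' |
    sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Exit 0 only when the config is permissive and the log holds no denials;
# 1 = not permissive, 2 = denials to resolve first, 3 = log missing/unreadable.
ready_for_enforcing() {
    [ "$(configured_mode "$1")" = "permissive" ] || return 1
    [ -r "$2" ] || return 3
    [ -z "$(avc_summary "$2")" ] || return 2
}

# Constructed sample input, so the example runs offline.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/config" <<'EOF'
# SELINUX= can take one of these three values: enforcing, permissive, disabled
SELINUX=permissive
SELINUXTYPE=default
EOF
cat > "$demo_dir/audit.log" <<'EOF'
type=AVC msg=audit(1709380001.101:210): avc:  denied  { read } for  pid=901 comm="nginx" name="index.html" dev="sda1" ino=4411 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1709380002.202:211): avc:  denied  { open } for  pid=901 comm="nginx" path="/home/web/index.html" dev="sda1" ino=4411 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1709380003.303:212): avc:  denied  { search } for  pid=977 comm="sshd" name="root" dev="sda1" ino=12 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1709380003.303:212): arch=c000003e syscall=257 success=yes exit=3 comm="sshd"
EOF
: > "$demo_dir/clean.log"

echo "configured mode: $(configured_mode "$demo_dir/config")"
avc_summary "$demo_dir/audit.log"
if ready_for_enforcing "$demo_dir/config" "$demo_dir/audit.log"; then
    echo "no denials logged: safe to set SELINUX=enforcing"
else
    echo "not ready (code $?): resolve the denials above before step 5"
fi
# On the server itself (assumes auditd writes /var/log/audit/audit.log):
#   ready_for_enforcing /etc/selinux/config /var/log/audit/audit.log
```

An exit code of 3 means the audit log could not be read, which is treated as "not ready" rather than as a clean result.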
Congratulations, your system is hardened with NSA-level protection with SELinux. If you need to dig deeper, always check out the official documentation or SELinux on GitHub, or contact us for help setting up your systems with SELinux at [email protected]