Securing Linux with SELinux (or AppArmor)

hydn · March 9, 2025, 12:06am

Read the full article: Securing Linux with SELinux (or AppArmor)

SELinux and AppArmor have been around for many years, but are still essential for maintaining a secure Linux environment. This article will cover how to set them up and troubleshoot these mandatory access control (MAC) frameworks. Even if they seem overwhelming at first, learning how they work and how to manage them is an important step… continue reading.

toadie · March 10, 2025, 5:12pm

What would you recommend for Debian/Ubuntu and Arch? AppArmor or SELinux?

hydn · March 12, 2025, 2:09pm

Thanks for asking! I missed mentioning any of that.

For Debian/Ubuntu and *SUSE, AppArmor is the way to go as it’s the system default and well integrated. For RHEL and derivatives they default to SELinux .

For Arch, SELinux is possible, but not commonly used because of the complexity of setup and maintenance. AppArmor is easier to config, but most Arch users (not a popular distro for servers) rely on traditional DAC (Discretionary Access Control) security instead of MAC (Mandatory Access Control) frameworks.

If you’re running a server and require serious security, SELinux is worth considering. For desktops and workstations, AppArmor is more practical.

Also see:

toadie · March 12, 2025, 5:58pm

Thank you @hydn. Really interesting and good to know.

A few days ago I got a VPS again and decided to use Ubuntu (I had Fedora, Debian, Rocky Linux, openSUSE and Alma Linux to choose from).

I have no idea what exactly I want to do productively with it, but I want to make it as secure as possible.