Lately conversations keep turning up new slogans for SELinux. I figure this is as good a place as any to keep a running list so here we go:
- SELinux – Because users do weird shit.
- SELinux – Fuck root.
- SELinux – Hampering administrators since before it was cool.
- SELinux – Take revenge against the BOFH
- SELinux – High-security gone haywire.
- SELinux – Turning it off is like removing the batteries from a smoke detector. Sure it sounds better but you might get burned.
- SELinux – Because life is too simple.
- SELinux – AppArmor sucks.
- SELinux – It’s too early in the morning to be cleaning up after 11-year old kiddies.
- SELinux – Too powerful for our own good.
- SELinux – Here’s our root password, what’s yours?
- SELinux – Didn’t they teach you about using protection in high-school?
- SELinux – Blind faith not required
Thinking about slogans actually got me thinking about “short reasons to use SELinux”.
- SELinux will save you tons of money, your TCO will go down and your ROI will go up.
- SELinux supports 3-letter acronyms out of the box, no complex policy changes required.
- Zero day vulnerabilities are a fact. Do something about it.
- Trusted Solaris has been end-of-lifed and you’re not in the government space to begin with.
- Path-named based access control is weak.
- Implicitly trusting admins doesn’t have to be SOP.
- You’re not a security expert, let us do the hard work.
- The US military (and others) trust SELinux with their information, shouldn’t you? 1
These are just a few.
1 The answer to this question might actually be a resounding “no!” Don’t worry, I’m not offended.
Spencer Shimko 10 January 2008