Linux Firewall and SELinux (RHCSA)…

I’ve put the last two articles in the RHCSA certification series live.

These took a little bit of time because I was in denial (and ill for a couple of weeks). When I put the previous batch of articles live, I mentioned these objectives were the ones I knew least about. That’s mostly because my standard operating procedure for Oracle servers is to disable SELinux and turn off the firewall. I reached out to the OakTable to see what Oracle do on their engineered solutions (Exadata and ODA) and it seems the answer depends on which part of the solution you are discussing (RAC nodes or storage cells) and the age/patch level of the kit software you have.

In the early releases it was very much SELinux and firewall disabled. Later releases have SELinux in permissive mode on some components and the firewall enabled on some components.

Running SELinux in permissive mode seems a bit pointless to me, unless you are investigating what policies need to be changed in order to switch to enforcing it at a later date. I’m still not convinced about the relevance of SELinux for a database server at this point, but my opinion may change as I get more familiar with it. It is quite literally an uneducated opinion at this point. :)

Now I’ve completed the revision notes for the RHCSA exam I guess I should think about taking the exam. I’ve just checked the Red Hat website and the earliest I could sit the exam in Birmingham is July. Unfortunately I’m out of the country for much of July, so it would appear the middle of August is probably going to be the first real opportunity. Most other cities have a couple of dates a month, but not here. Once again Birmingham proves itself to be at the arse-end of British I.T. :(