I am looking for more information about SElinux. These are the SElinux features:
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
I note that on the API Gateway v10.1 the SElinux is not set to enforcing. What are the possibilities and consequences if we want to set it to enforcing?
Additionally, we would also like to know how this is set up in the new API Gateway version v11? And then how is the hardening of the API gateway appliance v11 set up based on Debian ?
Release : 10.1
1. Since we do our own hardening, SELinux shall be disabled on Gateway Appliances v10.0/10.1 by default:
SELinux status: disabled
2. Engineering did not try enabling SELinux; therefore we cannot predict the consequences.
3. New v11 (Debian OS) appliance also does not have SElinux. It has apparmor and it is set to enforce by default:
[root@11gwxxx ~]# cat /sys/kernel/security/apparmor/profiles
/usr/sbin/ntpd (enforce)
nvidia_modprobe (enforce)
nvidia_modprobe//kmod (enforce)
lsb_release (enforce)