Since Ubuntu switched to systemd in 15.04, I started wondering what other things I could do to bring it more in line with the likes of Fedora.
First step, SELinux, the mandatory access control system developed by the NSA and employed predominantly by Red Hat and its derivatives. SELinux works by allowing only applications with predefined policies access to objects and files with the same context specified in the application’s policy. This is contrasted with Ubuntu’s native AppArmor MAC system, which allows applications with no policy to roam freely and only restricts applications with defined policies. Those who want SELinux in Ubuntu are in luck. To install it, run
sudo apt-get update
sudo apt-get install selinux selinux-policy-default
sudo reboot
sudo restorecon -R / #restore contexts across root,
#as no labels were previously applied
From here, SELinux is already active and enforcing, but you can run `sestatus` and verify this. Additionally, you can run `ls -lZ` in your home directory. You should see something like this:
unconfined_u:object_r:user_home_t:s0
The next logical step for me was to install firewalld, the default firewall in Fedora.`Simple enough, just install the `firewalld` package and activate it via systemd
systemctl start firewalld
systemctl enable firewalld
No really, it’s that simple. Just use firewall-cmd to administer it like you would in Fedora.
Now if I could just do something about apt.