We are planning an upgrade to a software package called PacketFence. PacketFence calls themselves, “a fully supported, trusted, Free and Open Source network access control (NAC) solution.” I was excited for this project because I am making a push to upgrade servers to newer versions of Red Hat. However, I was extremely disappointed after reviewing their server requirements. This is 2016 and companies are still requesting that security measures such as SELinux, and in this case, even the firewall gets disabled. I understand that it is an open source product, but we pay for the commercial support. Software providers should be vigilant while protecting their users. PacketFence is certainly not the only offender of this… they were just the ones I was looking at while having the motivation for a blog post. Cough, Cough, Ellucian.The site goes on to say:
Regarding SELinux or AppArmor, even if these features may be wanted by some organizations, PacketFence will not run properly if SELinux or AppArmor are enabled.
The focus in 2016 has been on encryption and many people are calling it the Crypto Wars 2.0, but we can’t forget about enabling and pushing other security measures as well. SELinux is commonly the first thing people disable when they have problems instead of trying to understand and incorporate it into their security plan. Some banks are still using lousy security questions, not supporting strong passwords, and have no method of enabling two-factor authentication. Anyone with a Facebook account and Google can probably figure out where you went to high school.
If people are not requesting the features then they will not be added. I reached out to PacketFence on Twitter and will hopefully hear back some good news.
By the way, Red Hat released a fun coloring book to help administrators learn SELinux!