Run Asterisk with Selinux Enabled - RHEL/CentOS

Hi Guys

OS used : RHEL 6.x / CentOS 6.x

We usually compile the Asterisk from the source and install. It was recommended by Digium support staff that we need to disable the SELINUX in order for the Asterisk to run. But our security policy is changing and we need to get the SELINUX enabled. So we would like to know the process and procedure to run the Asterisk application with the SELINUX enabled.

Looking forward to hearing from the experts.

Regards
Jo

Run it in non-enforcing mode. Note the warnings, and tag the files/directories that it accesses with suitable security labels to avoid SELINUX objecting to them.

I’d note that with our use of Asterisk 1.6.1, we actually ran it under CentOS 5.3 and 5.7 without any SELINUX alarms, but it wouldn’t run under CentOS 6.6.

From your description, I think your management may be taking a tick box approach. Any security system really needs to be risk assessed based on deep knowledge. For something like Asterisk, simply maintaining an offline image and restoring it from that may be a better approach.