Two technologies help provide protection for SpreeCamps systems: firewalls and SELinux.

SpreeCamps delivers standard iptables in a configuration that is designed around the needs of developers. Basic access via web is enabled, but the development sites and ssh are protected by default.

SELinux is an Open-Source implementation of mandatory access control that relies on the Linux Security Modules inside the Linux kernel. From a developer’s and a user’s standpoint, SELinux is an extra layer of protection that the operating system provides.

Many developers and Systems Administrators, though, do not use SELinux because of the complexities in properly configuring SELinux to match the needs of web applications. End Point (and SpreeCamps) engineers have significant experience using SELinux for production websites. The default SpreeCamps system comes with a pre-configured SELinux policy that protects the full stack of the web application, including Passenger and the database.

Since all SpreeCamps systems provide root access, SpreeCamps customers can easily turn off SELinux. However, SpreeCamps engineers would like to know of any problems encountered in running with SELinux and are available to provide assistance.