[CentOS] selinux stuff - I just don't get
Peter Farrow
peter at farrows.org
Mon Nov 14 11:13:41 UTC 2005
Thats because its entirely possible to make a system secure without
Selinux, it was only born in Centos from Version 4.
While I would never recommend turning off a firewall, I would recommend
turning off Selinux: a firewall doesn't stop stuff on the box working
properly as it ships, Selinux does.
For example anything that would stop squid running properly out of the
box (as Selinux does) is of limited value, in this instance its not
required, it gets in the way, it IS easily possible to have a secure
system without Selinux, whereas that is doubtful without a firewall.
Chalk and cheese springs to mind.
If Selinux is the "baby" in your metaphor, then the best thing to with
it is hold it under the water until it stops moving....
For those of us who know how to configure secure systems (and I'm not
suggesting you don't Tony by any stretch) Selinux is additionaly bloat I
(we) don't really need. It just slows the system down...
I''ve never needed it......
Pete
Tony wrote:
> On 11/14/05, *Peter Farrow* <peter at farrows.org
> <mailto:peter at farrows.org>> wrote:
>
> /etc/selinux/config
>
> Change this line:
>
> SELINUX=enforcing
>
> to this:
>
> SELINUX=disabled
>
>
> It always amazes me how quick people are to suggest that you just
> switch selinux off, without balancing the suggestion with an
> explanation of what they are losing by doing this. Would you switch a
> firewall off because it keeps filling your log files up with packet
> info? An English expression involving babies and bathwater springs to
> mind ;-)
>
> --
> Cheers,
>
> Tony
>
>------------------------------------------------------------------------
>
>_______________________________________________
>CentOS mailing list
>CentOS at centos.org
>http://lists.centos.org/mailman/listinfo/centos
>
>
More information about the CentOS
mailing list