[CentOS] selinux stuff - I just don't get

Peter Farrow peter at farrows.org
Mon Nov 14 11:18:25 UTC 2005


We've been here before by the way

http://lists.centos.org/pipermail/centos/2005-May/006303.html


Peter Farrow wrote:

> That's because it's entirely possible to make a system secure without 
> Selinux, it was only born in Centos from Version 4.
>
> While I would never recommend turning off a firewall, I would 
> recommend turning off Selinux:  a firewall doesn't stop stuff on the 
> box working properly as it ships, Selinux does.
>
> For example anything that would stop squid running properly out of the 
> box (as Selinux does) is of limited value, in this instance it's not 
> required, it gets in the way, it IS easily possible to have a secure 
> system without Selinux, whereas that is doubtful without a firewall.  
> Chalk and cheese springs to mind.
>
> If Selinux is the "baby" in your metaphor, then the best thing to do with 
> it is hold it under the water until it stops moving....
>
> For those of us who know how to configure secure systems (and I'm not 
> suggesting you don't Tony by any stretch) Selinux is additional bloat 
> I (we) don't really need.  It just slows the system down...
>
> I've never needed it......
>
> Pete
>
> Tony wrote:
>
>> On 11/14/05, Peter Farrow <peter at farrows.org> wrote:
>>
>>     /etc/selinux/config
>>
>>     Change this line:
>>
>>     SELINUX=enforcing
>>
>>     to this:
>>
>>     SELINUX=disabled
>>
>>
>> It always amazes me how quick people are to suggest that you just 
>> switch selinux off, without balancing the suggestion with an 
>> explanation of what they are losing by doing this. Would you switch a 
>> firewall off because it keeps filling your log files up with packet 
>> info?  An English expression involving babies and bathwater springs 
>> to mind ;-)
>>
>> -- 
>> Cheers,
>>
>> Tony
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>  
>>