[CentOS] SELinux threads, cynicism, one-upmanship, etc.

Peter Farrow peter at farrows.org
Mon Nov 21 13:56:00 UTC 2005


>>It is not enabled by default ... unless you mindlessly click through
>>screens without reading them.

"Default" means, unless you do something to specify otherwise it will be 
this way,

SELinux IS enabled by default, as doing an install without specifically 
searching for it and changing it will result in it being enabled.

http://isp.webopedia.com/TERM/D/default.html


Johnny Hughes wrote:

>On Mon, 2005-11-21 at 04:38 -0800, Brian T. Brunner wrote:
>  
>
>>Thanks, Mike.
>>
>>What I read is that SELinux is still 'beta', and while the need for good 
>>security is decades old, we (CentOS/RHEL folks) should not be presumed 
>>to be willing beta testers.  "Enabled by default" presumes I'm willing.
>>
>>Brian Brunner
>>brian.t.brunner at gai-tronics.com
>>(610)796-5838
>>    
>>
>It is not enabled by default ... unless you mindlessly click through
>screens without reading them.
>
>By that standard, using LVM2 and erasing every hard drive is the
>default too ... (Disk Druid - automatically configure file systems)
>
>Or the package selection, or DHCP, or writing the grub to MBR, etc.  All
>these things are for an administrator to decide.
>
>SELinux is usable, if you want to use it ... if you don't want to,
>great.  That is why you get to install CentOS for yourself and I don't
>install it for you and tell you what you can have :)  
>
>I normally don't use SELinux either ... but that is my choice.
>
>But using SELinux is certainly more secure than not using it.
>
>
>  
>
>>>>>lesmikesell at gmail.com 11/19/05 11:41AM >>>
>>>>>          
>>>>>
>>On Fri, 2005-11-18 at 22:42, Lamar Owen wrote:
>>
>>    
>>
>>>Maybe I'm wrong, but I think any admin needs to experience having their box 
>>>cracked.  It will produce the humbleness necessary to the trade, because 
>>>overconfidence is dangerous.
>>>      
>>>
>>Yes, but when the box gets cracked _because_ they are using the
>>latest new thing their distribution added under the guise of
>>increased security, as happened with ssh a while back, it
>>also produces the attitude that new stuff should soak a long,
>>long while in a distribution like Fedora before going onto
>>production boxes.  You want to at least wait until the surprises
>>stop - and I take the flurry of reports of broken apps at
>>every update as an indication that they haven't stopped yet.
>>    
>>
>
>No, their boxes get cracked mostly because they don't do security
>updates.
>
>  
>
>>Your analogy to a weapon was a good one.  When the experts
>>tuning the distribution still can't keep it from blowing
>>up in people's faces some of the time, normal people should
>>keep their distance.  When the Fedora and CentOS lists go
>>several months without a mysterious app failure caused by
>>SELinux it will be time to reconsider.
>>
>>    
>>
>That is, of course, your choice.
>  
>
