[CentOS] disabling SELinux on CentOS: a good idea?

Johnny Hughes johnny at centos.org
Sun Jul 15 12:47:12 UTC 2007


Peter Farrow wrote:
> Rogelio Bastardo wrote:
>> I was banging my head against the wall trying to figure out why my
>> Nagios install wasn't working on CentOS 4.5 (I'm used to Debian), and
>> so I disabled SELinux and everything magically started working.
>>
>> Is this a good long term idea? Or is there a better way of doing things?
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by the *Enhancion* <http://www.enhancion.net/>
>> system scanner,
>> and is believed to be clean.
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>   
> Hi There,
> 
> If your machine is purely a server and has no local accounts for
> ordinary users, you can implement an effective sercurity policy using
> appropriate partitioning, fstab entries, wrapper and firewall
> configuration without the baggage of SElinux.
> 
> Save yourself the headache and turn it off!

Well ... I totally disagree ... but we have had this conversation before :D

SELinux is a tool that, when used correctly, can prevent many attempts
to do things via vulnerabilities.  Learning to use it correctly is the
real answer.

However, you can be secure with it turned off too ... it is just another
layer.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.centos.org/pipermail/centos/attachments/20070715/7b9c09db/signature.bin


More information about the CentOS mailing list