[CentOS] Security checklist for new Centos server?

Ralph Angenendt ra+centos at br-online.de
Sun Jul 22 20:08:01 UTC 2007


M. Fioretti wrote:
> > People who say "turn it off" do so because the either don't
> > understand what it does OR they don't know how to use it.
> 
> Sure. This could be due to the feature not being sufficiently
> documented (see my earlier comments in the thread on ssl, for
> example), something that in practice would still make it hardly usable
> for all but the most competent, full-time sysadmins. Regardless of how
> well it's working or is packaged in any distro.

If you're staying with software supplied by CentOS and use the standard
paths for apache, postfix, squirrelmail and so on, you probably won't be
able to tell that SELinux is turned on.

As soon as you're beginning to add software from somewhere else, things
can get funny. But even for those solution aren't that far away :)

Cheers,

Ralph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.centos.org/pipermail/centos/attachments/20070722/8a4f93b0/attachment.bin


More information about the CentOS mailing list