[CentOS] Defaults of CentOS Install not working with SELinux
Dan Roberts
dan at jlazyh.com
Thu Apr 30 20:32:57 UTC 2009
I would like not to disable SELinux, and I have the guide from the
nsa. But try as I might these three things are being difficult.
Given that it was a default install for them I have no idea how or why.
Some google searches and even the SELinux FAQ suggest remedy options
that involve data that I just don't seem to have - that's where the
expertise of someone who has had to deal with something similar would
be very helpful.
On Apr 30, 2009, at 11:44 AM, Lanny Marcus wrote:
> On Thu, Apr 30, 2009 at 9:07 AM, Dan Roberts <dan at jlazyh.com> wrote:
>> Following a hard drive corruption I have reinstalled the latest
>> version of
>> CentOS and all current patch files.
>> For most applications I selected the default options. By doing
>> this I
>> expected that the packages would play nice with one another and I
>> could
>> customize as necessary.
>> Setting SELinux to enforce I encountered all sorts of problems -
>> but most
>> were resolvable, save for Dovecot, Procmail (for spamc), and an odd
>> one
> <snip>
>> take on making a local policy module I am quickly getting lost .
>> The
>> option to simply disable SElinux with respect to Apache, Dovecote or
>> anything else is suggested - but not something I see in the GUI
>> window, and
>> I have not figured out how to do it from the command line.
>
> Disabling SELinux is *not* recommended, by those who know, on this
> mailing list and in other places. Maybe drop it down from "Enforcing"
> to Permissive, until you get it configured properly.
>
> You might want to go to <http://www.nsa.gov/> and download the .pdf
> version of their manual about hardening RHEL 5. Look for the December
> 20, 2007 version. On page 42, they begin discussing SELinux and how to
> configure/troubleshoot it. "Guide to the Secure Configuration of Red
> Hat Enterprise Linux 5". HTH and GL
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
More information about the CentOS
mailing list