[CentOS] SELinux - way of the future or good idea but !!!

Alison penguin at alisoncc.com
Sat Nov 27 01:33:36 EST 2010


Thanks for all the input. Particularly John and Patricks URL's for reading material. Starting with the stuff here http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml Which is really good.

I can get 1.5Mb/s upload using Annex M, but have previously purchased hosting as I have had little experience in "battle hardening" a server. Feeling much more confident now that I have reading material to guide me in keeping the bad guys out.

Alison




At 01:01 PM 27/11/2010, you wrote:
>On Sat, Nov 27, 2010 at 03:29:49AM +0200, Eero Volotinen wrote:
>> 
>> Usually it causes more problems. If you have unlimited resources to tune it up,
>> then it possibly helps on the way.
>
>        Only if you don't bother to take the time to read any of the
>        resources I previously provided or any of the other SElinux
>        resources available on the 'net.
>
>        SElinux is not brain surgery; spend some time with the
>        documentation and you'll be surprised at how easily it all comes
>        together after a while.
>
>        Telling people to disable it is not only foolish but completely
>        irresponsible; doubly so in a medium that exists to support
>        users.
>        
>        If the best avenue was to disable it do you honestly think that
>        upstream would enable it by default?
>
>        This is 2010 - people are expected to actually make an effort at
>        learning the systems they so casually throw up on the 'net and
>        to take responsibility for those systems.  Every time a box gets
>        compromised it can pose a risk to the rest of us; please be
>        mature and responsible enough to make it as difficult as
>        possible to permit such a compromise in the first place.
>
>
>
>
>                                                        John
>-- 
>Live a good life.  If there are gods and they are just, they will not care
>how devout you have been, but will welcome you based on the virtues you
>have lived by.  If there are gods, but unjust, then you should not want to
>worship them.  If there are no gods, then you will be gone, but will have
>lived a noble life that will live on in the memories of your loved ones.
>
>-- Marcus Aurelius (121-180), philosopher and writer
>
>
>_______________________________________________
>CentOS mailing list
>CentOS at centos.org
>http://lists.centos.org/mailman/listinfo/centos



More information about the CentOS mailing list