[CentOS] SELinux - way of the future or good idea but !!!
Christopher Chan
christopher.chan at bradbury.edu.hk
Sun Nov 28 23:12:34 UTC 2010
On Sunday, November 28, 2010 10:50 PM, Scott Robbins wrote:
> On Sun, Nov 28, 2010 at 09:14:43PM +0800, Christopher Chan wrote:
>
>>>
>>> I think it is easier/cheaper to use hardware firewalls and idp systems
>>> to protect servers than fight with selinux on each server.
>>>
>>> SELinux tuning might work on companies with unlimited resources like
>>> NSA .. or if you run server at home with unlimited free time to tune
>>> it up.
>>>
>>
>> Are you some secret agent for botnets? I know they love to get their
>> hands on Linux boxes for use as their command centres for their Windows
>> drones.
>
> Sigh. I don't think people have the right (or ability) to
> judge another person's situation.
>
> So....
>
> Judging from this, every AIX, Solaris, and BSD administrator are botnet
> agents. As well as Debian server farms.
>
If they are die-hard don't lock down because it's too troublesome chaps
then yeah!
Two other schools got their box hacked through phpmyadmin because the
chap at HQ failed to locked down. I had to show him how to turn on
SELinux and also figure out from the logs how the bot was uploaded.
I had never done SELinux before that but I got it mostly sorted within a
morning and completely sorted in two days for some stuff that did not
initially show up. This was a Moodle box with a mysql backend.
I, therefore, cannot see any excuse for disabling SELinux.
More information about the CentOS
mailing list