[CentOS] SELinux - way of the future or good idea but !!!

Christopher Chan christopher.chan at bradbury.edu.hk
Tue Nov 30 17:18:04 EST 2010


On Wednesday, December 01, 2010 04:54 AM, m.roth at 5-cent.us wrote:

> And about apache... most of those attacks are preventable through
> defensive configuration and coding for httpd itself. Looking to selinux to
> protect you is very sloppy.

The key word is most. If one bothered to go through all the steps to 
lock down apache, one can also bother to apply the similar stuff with 
SELinux which would be must more comprehensive and take care of the 
other 1% or whatever cases too.


More information about the CentOS mailing list