[CentOS] securing centos 5.2 for public usage
John R. Dennison
jrd at gerdesas.com
Sat Sep 18 15:52:25 EDT 2010
On Sat, Sep 18, 2010 at 12:26:04PM -0400, m.roth at 5-cent.us wrote:
> Well, you could set selinux enforcing (AUGH!!!). Another possibility is
> run Bastille Linux on it to harden it. I really like the latter - I used
> it to harden an old system of mine, first Redhat 7.x, then Redhat 9 (yes,
> this is years ago), and used that as my firewall/router, and in something
> like 9 years online, on broadband, to the best of my knowledge, I never
> had an intrusion.
Bastille Unix (renamed quite some time ago) has not been updated
in two years and is no longer supported to the best of my
knowledge; they announced an impending release in 2008 which
never occurred and nothing has been heard since that I know of.

And why "AUGH!!!"? Selinux is enabled by default for a reason
and, quite frankly, has no need to be disabled except in the
most rare of corner cases; learning to properly make use of
selinux will, in the long run, make your life much easier.

I would never consider running an internet-facing host without
selinux in enforcing mode.
If man does find the solution for world peace it will be the most
revolutionary reversal of his record we have ever known.
-- George C. Marshall (1880 - 1959), American military leader and statesman,
creator of the Marshall Plan, the only US Army general to receive the Nobel
Peace Prize, Biennial Report of the Chief of Staff, US Army, 1 September 1945