[CentOS] securing centos 5.2 for public usage

John R. Dennison jrd at gerdesas.com
Sat Sep 18 15:52:25 EDT 2010


On Sat, Sep 18, 2010 at 12:26:04PM -0400, m.roth at 5-cent.us wrote:
>
> Well, you could set selinux enforcing (AUGH!!!). Another possibility is
> run Bastille Linux on it to harden it. I really like the latter - I used
> it to harden an old system of mine, first Redhat 7.x, then Redhat 9 (yes,
> this is years ago), and used that as my firewall/router, and in something
> like 9 years online, on broadband, to the best of my knowledge, I never
> had an intrusion.

	Bastille Unix (renamed quite some time ago) has not been updated
	in two years and is no longer supported to the best of my
	knowledge; they announced an impending release in 2008 which
	never occured and nothing has been heard since that I know of.

	And why "AUGH!!!"?  Selinux is enabled by default for a reason
	and, quite frankly, has no need to be disabled except in the 
	most rare of corner cases; learning to properly make use of
	selinux will, in the long run, make your life much easier.

	I would never consider running an internet-facing host without
	selinux in enforcing mode.





							John
	
-- 
If man does find the solution for world peace it will be the most
revolutionary reversal of his record we have ever known.

-- George C. Marshall (1880 - 1959), American military leader and statesman,
creator of the Marshall Plan, the only US Army general to receive the Nobel
Peace Prize, Biennial Report of the Chief of Staff, US Army, 1 September 1945
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.centos.org/pipermail/centos/attachments/20100918/80490811/attachment.bin 


More information about the CentOS mailing list