On 6/18/07, Stephen Harris lists@spuddy.org wrote:
On Mon, Jun 18, 2007 at 12:18:40PM -0600, Stephen John Smoogen wrote:
On 6/18/07, Stephen Harris lists@spuddy.org wrote:
I've never said there are _no_ cases for SELinux. I was questioning it as a general rule for all machines.
Several of the problems were machines that were not connected to the internet or were deep behind firewalls. The problems were that all it takes is one user who doesn't think well to make all those firewalls/issues useless. E.g. the person who coming in from work finds a nice shiny USB fob and plugs it into a work computer to see who it belonged to so they could return it. The guy who downloads an
[ etc ]
This is why I mentioned "risk profile" in another message. You evaluate the perceived risk, the likelihood of the event happening, the cost of the event, the "cost" of a potential solution and perform an analysis.
So one might rank the items this:
external facing servers: high risk! Automated attacks possible
Desktop work stations: moderate. User stupidity highest attack vector
General compute server: low risk. Only "trained" staff have access.
Most of my cleanup/horror stories are on servers that supposedly "trained" staff have access to. I was wondering what a general compute server is... I have seen this term multiple times to be used for too many items (internal webservers, share servers, financial database, etc) where due to the fact that the desktop could access it in some way.. the stupid user had somehow basically infected it in one way or another.
(Umm, sorry for going on... I work in an area where these things are every day considerations so...)
No problem..
up to you as the site administrator to determine what is safe enough
Actually, in large companies you have a whole risk organisational structure whose job it is to evaluate these things and determine policy. They straddle the line between technology (my side) and business (my customer) needs and try to balance the two.
Hmmmm I guess I haven't worked in a big enough business or the ones I have dealt with were more inclined to just keep up with paperwork versus actually making risk analysis. [Is also probably grumpy today from having to do other people's work for them.]
for Your Site using appropriate risk management. If you believe your site has enough methods of protection or that the cost of extra security (selinux) is not appropriate for your risk model.. you can turn it off.
I'd argue the opposite; if you feel the risk exposure is such that you need the protection then enable it. I've listed cases where this is the case.
That cases exist for SELinux does not mean it should be on by default, and is definitely not deserving of a sheeplike response whenever anyone proposes otherwise.
I am sorry, but while I believe that it was meant in jest... the core of the problem is that turning it off is the default answer from too many people who have no idea why an application isn't working.
Web-application not working, turn off selinux. File-share system not working, turn off selinux. Desktop application you downloaded from rpmfind.net not working, turn off selinux. It usually comes with the recommended advice of use '--force --nodeps' to install/remove RPMS and just keep setting files 777 until your application works. And while your answers are clearly thought out... they are pretty much drowned out in the Slashdot-like posts on webforums, email-lists, and IRC where people who have no clue will tell people to turn off Selinux by default and then give the other advice above.
Sorry for the grumpy analogy.. and I probably need a vacation from mailing lists/IRC for a while.. but it seems that this last month has been dealing with people who turned off selinux because someone told them to on IRC etc etc. And those people have no idea why just that they do it because someone told them to.