On Sunday, November 28, 2010 10:50 PM, Scott Robbins wrote:
On Sun, Nov 28, 2010 at 09:14:43PM +0800, Christopher Chan wrote:
I think it is easier/cheaper to use hardware firewalls and idp systems to protect servers than fight with selinux on each server.
SELinux tuning might work on companies with unlimited resources like NSA .. or if you run a server at home with unlimited free time to tune it up.
Are you some secret agent for botnets? I know they love to get their hands on Linux boxes for use as their command centres for their Windows drones.
Sigh. I don't think people have the right (or ability) to judge another person's situation.
So....
Judging from this, every AIX, Solaris, and BSD administrator is a botnet agent. As well as Debian server farms.
If they are die-hard "don't lock down because it's too troublesome" chaps then yeah!
Two other schools got their box hacked through phpMyAdmin because the chap at HQ failed to lock down. I had to show him how to turn on SELinux and also figure out from the logs how the bot was uploaded.
I had never done SELinux before that but I got it mostly sorted within a morning and completely sorted in two days for some stuff that did not initially show up. This was a Moodle box with a MySQL backend.
I, therefore, cannot see any excuse for disabling SELinux.