Jim Perrin wrote:
> On 9/21/07, Mike McCarty Mike.McCarty@sbcglobal.net wrote:
>> WRT SELinux, just disable it is my suggestion. Or perhaps switch to another distro which is not yet infected.
>
> Why yes, ignoring security or bypassing it altogether rather than learning how to protect your systems is an EXCELLENT idea. I highly

Sarcasm is unbecoming. I suppose you are unaware of the long and bitter discussions on Fedora about SELinux?

> recommend the 'head in the sand' approach. After all, if you can't see the bad guys poking your server, they're not actually doing it, right?

SELinux does not prevent nor report people "poking your server".

> SELinux is complicated, but it's getting far more easy to use than

SELinux is complicated, FULL STOP. It's a wrong-headed approach.

> earlier versions (FC2 anyone?) and in combination with other tools, it can provide a rock solid security system.

Any security system which is not already rock solid is not going to be made any more secure from attack by adding SELinux. It might possibly suffer somewhat less damage, though that's debatable.

> For webservers, the belt+suspenders combination of mod_security and SELinux is damn near unbeatable.

You have personal experience with SELinux "saving" your system?

Mike