On Mon, Jun 18, 2007 at 06:45:26PM +0200, Daniel de Kok wrote:
> On Mon, 2007-06-18 at 12:03 -0400, Stephen Harris wrote:
> > I've not heard a good reason to keep SELinux enabled, to be honest. For high sensitivity stuff, sure (much like using SEOS on Solaris for high sensitivity machines - e.g. those where third parties might have access). But as a general rule for all machines? Why?
> One of the major goals of SELinux is to restrict the impact of 0-day vulnerabilities. If there is an ugly exploit for some network-facing daemon, it is a good idea to restrict the potential damage as much as possible.
"External facing" machines (i.e. those that can be reached off the internal network) _are_ one of those classes of machines flagged as "high sensitivity". These are candidates for SELinux, SEOS or equivalents. They may be either directly on the internet or in a DMZ area behind firewalls that allow certain incoming traffic (or in large corporations, accessed via VPNs or leased lines from customer sites; a different type of DMZ).
The security rule of thumb here is that such machines _will_ be attacked, and so "security in depth" is the process to apply.
But these are special cases with special "elevated security" rules.
Now... why should such rules apply to machines not thus exposed?