Stephen Harris wrote:
On Tue, Nov 30, 2010 at 03:11:24PM -0500, Lamar Owen wrote:
Reality check: IDC analysts have estimated Red Hat's share of the paid commercial Linux market as 62%[1], [2], with Red Hat estimating higher [3]. That's RHEL: which ships SELinux enabled, enforcing, targeted, by default. And, this being the CentOS list, we're in a default SELinux
Reality check: how many of those installs are RedHat OOB installs with default options? I know the 10,000 machines we have where I work are all meant to be "corporate standard" and this, by default, does _not_ have SELinux enabled.
And how many reset them to permissive, or off, because enforcing breaks what's been working?
And about apache... most of those attacks are preventable through defensive configuration and coding for httpd itself. Looking to selinux to protect you is very sloppy.
they should be supporting the default RHEL configuration.
Shoulda, coulda, woulda... didna.
How many folks actually use the defaults? Hell, we don't use the default partitioning scheme.
mark