On Monday, November 29, 2010 08:50 PM, Marko Vojinovic wrote:
Well, the kernel I used at the time had a known exploit (exploitable by some services I was running), and the intruder took advantage of that. Of course, it was partly my fault, because I didn't restart those machines for a long time, so the updated kernel wasn't running on them.
So yes, I agree, if I took good care of the rest of the system nothing serious would have happened. But in this particular case SELinux saved my skin, since the third machine could take the load from the first two while these were kickstarted by a friend of mine... :-)
There is also the case of recently discovered exploits, like the one in phpmysqladmin that was made known in September. Okay, the HQ chap was inept in allowing anybody to access phpmysqladmin, imagining that the password protection was sufficient, and at the same time allowing access to setup.php from anyone on the Net, so he could have prevented the whole thing in the first place without the protection of SELinux. But had he had SELinux running, it could have foiled the upload of the bot and its subsequent execution.