On Sat, Sep 18, 2010 at 12:26:04PM -0400, m.roth@5-cent.us wrote:
Well, you could set selinux enforcing (AUGH!!!). Another possibility is run Bastille Linux on it to harden it. I really like the latter - I used it to harden an old system of mine, first Redhat 7.x, then Redhat 9 (yes, this is years ago), and used that as my firewall/router, and in something like 9 years online, on broadband, to the best of my knowledge, I never had an intrusion.
Bastille Unix (renamed quite some time ago) has not been updated in two years and is no longer supported to the best of my knowledge; they announced an impending release in 2008 which never occured and nothing has been heard since that I know of.
And why "AUGH!!!"? Selinux is enabled by default for a reason and, quite frankly, has no need to be disabled except in the most rare of corner cases; learning to properly make use of selinux will, in the long run, make your life much easier.
I would never consider running an internet-facing host without selinux in enforcing mode.
John