On 9/21/07, Mike McCarty Mike.McCarty@sbcglobal.net wrote:
WRT SELinux, just disable it is my suggestion. Or perhaps switch to another distro which is not yet infected.
Why yes, ignoring security or bypassing it alltogether rather than learning how to protect your systems is an EXCELLENT idea. I highly recommend the 'head in the sand' approach. After all, if you can't see the bad guys poking you're server, they're not actually doing it, right?
Selinux is complicated, but it's getting far more easy to use than earlier versions (FC2 anyone?) and in combination with other tools, it can provide a rock solid security system.
For webservers, the belt+suspenders combination of mod_security and selinux is damn near unbeatable.