We've been here before by the way
http://lists.centos.org/pipermail/centos/2005-May/006303.html
Peter Farrow wrote:
Thats because its entirely possible to make a system secure without Selinux, it was only born in Centos from Version 4.
While I would never recommend turning off a firewall, I would recommend turning off Selinux: a firewall doesn't stop stuff on the box working properly as it ships, Selinux does.
For example anything that would stop squid running properly out of the box (as Selinux does) is of limited value, in this instance its not required, it gets in the way, it IS easily possible to have a secure system without Selinux, whereas that is doubtful without a firewall. Chalk and cheese springs to mind.
If Selinux is the "baby" in your metaphor, then the best thing to with it is hold it under the water until it stops moving....
For those of us who know how to configure secure systems (and I'm not suggesting you don't Tony by any stretch) Selinux is additionaly bloat I (we) don't really need. It just slows the system down...
I''ve never needed it......
Pete
Tony wrote:
On 11/14/05, *Peter Farrow* <peter@farrows.org mailto:peter@farrows.org> wrote:
/etc/selinux/config Change this line: SELINUX=enforcing to this: SELINUX=disabledIt always amazes me how quick people are to suggest that you just switch selinux off, without balancing the suggestion with an explanation of what they are losing by doing this. Would you switch a firewall off because it keeps filling your log files up with packet info? An English expression involving babies and bathwater springs to mind ;-)
-- Cheers,
Tony
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos