I was banging my head against the wall trying to figure out why my Nagios install wasn't working on CentOS 4.5 (I'm used to Debian), and so I disabled SELinux and everything magically started working. Is this a good long term idea? Or is there a better way of doing things?
Rogelio Bastardo wrote:
I was banging my head against the wall trying to figure out why my Nagios install wasn't working on CentOS 4.5 (I'm used to Debian), and so I disabled SELinux and everything magically started working.
Is this a good long term idea? Or is there a better way of doing things?
-- This message has been scanned for viruses and dangerous content by the *Enhancion* http://www.enhancion.net/ system scanner, and is believed to be clean.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi There,
If your machine is purely a server and has no local accounts for ordinary users, you can implement an effective sercurity policy using appropriate partitioning, fstab entries, wrapper and firewall configuration without the baggage of SElinux.
Save yourself the headache and turn it off!
Regards
Pete
Peter Farrow wrote:
Rogelio Bastardo wrote:
I was banging my head against the wall trying to figure out why my Nagios install wasn't working on CentOS 4.5 (I'm used to Debian), and so I disabled SELinux and everything magically started working.
Is this a good long term idea? Or is there a better way of doing things?
-- This message has been scanned for viruses and dangerous content by the *Enhancion* http://www.enhancion.net/ system scanner, and is believed to be clean.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi There,
If your machine is purely a server and has no local accounts for ordinary users, you can implement an effective sercurity policy using appropriate partitioning, fstab entries, wrapper and firewall configuration without the baggage of SElinux.
Save yourself the headache and turn it off!
Well ... I totally disagree ... but we have had this conversation before :D
SELinux is a tool that, when used correctly, can prevent many attempts to do things via vulnerabilities. Learning to use it correctly is the real answer.
However, you can be secure with it turned off too ... it is just another layer.
On 7/15/07, Johnny Hughes johnny@centos.org wrote:
Learning to use it correctly is the
real answer.
That's on my list of things to.
I'm the meantime setroubleshoot helps me get by.
On Friday, June 29, 2007 7:19 PM -0700 Rogelio Bastardo scubacuda@gmail.com wrote:
I was banging my head against the wall trying to figure out why my Nagios install wasn't working on CentOS 4.5 (I'm used to Debian), and so I disabled SELinux and everything magically started working.
Is this a good long term idea? Or is there a better way of doing things?
SELinux is a tool, part of a suite of defenses you deploy as part of "defense in depth" to protect your assets. Only you can decide how valuable your assets are and how much effort you should expend protecting them. (But an usurped box also hurts the rest of us, once it becomes a bot available to spam or otherwise attack other hosts.)
You should have other techniques in play to defend your system, such as iptables, tcp wrappers, LUA, SSL, and strong passwords. SELinux presents another hurdle that attackers must get past.
My policy is not to permanently disable it but to figure out how to use it. I'm currently reading the two premier books on it to understand it. So far I haven't had to disable it to get things working, but I've had to defer deployment of some services or figure out workarounds.
-
drew einhorn -
Johnny Hughes -
Kenneth Porter -
Peter Farrow -
Rogelio Bastardo