[CentOS] [OT][Practices] The Case for RBAC/MAC

Lamar Owen lowen at pari.edu
Sat Nov 19 01:11:39 UTC 2005

On Friday 18 November 2005 12:47, Les Mikesell wrote:
> Well, it may or may not be true.  It is certainly well-intentioned, but
> we are talking about bugs and unexpected behavior here which by
> definition aren't predictable.

Les, let me make a statistical contrast here.  Standard run of the mill bugs 
are stochastic in nature (that is, unpredictable) and thus will in aggregate 
fall on a Gaussian distribution.  Black hat activities are not stochastic, 
and a predictably bad for you.  I think I'd rather take my chances with bugs.

> likely, by making normal operations more difficult, you set up
> the authorized users to need more outside help and more chances for
> social engineering efforts to steal their credentials.

That's where properly configuring the policies becomes critical.  You need to 
profile what constitutes 'normal' first, then set your policies to allow the 
normal activities without intervention.  The abnormal is what gets blocked, 
and hopefully at least is what the worm/black hat is trying to do.

Let me clarify my position on this, as I seem to not have conveyed my meaning 
quite as clearly as I intended.  My problem is not with 'turning SELinux off' 
but with the attitude that one should always turn SELinux off.  If you have a 
valid reason for turning it off (or setting it to permissive and setting the 
syslog options correctly) then do it; but don't assume that that is the Right 
Thing for Everybody All the Time.
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772

More information about the CentOS mailing list