[CentOS] SELinux threads, cynicism, one-upmanship, etc.

Lamar Owen lowen at pari.edu
Sat Nov 19 04:42:54 UTC 2005 

On Friday 18 November 2005 21:48, Chris Mauritz wrote:
> Look, I don't think I intimated that security is/was trivial.  Someone
> asked about a particular security tool.  I commented that I didn't think
> that tool was worth the effort for many people.

Which didn't answer his question.  Was the comment really necessary?  Did it 
help anyone?  Was it worth the effort?

> don't know what SELinux is.  Your attitude is that if you don't actively
> point every weapon in your arsenal at the world that you're somehow
> inept is just plain foolish and that SELinux is some magic panacea for
> securing a Linux box.  It isn't.

You misunderstand my point.  If you lay up the bazooka because 'it doesn't 
feel like a gun, man, it burns down anything behind you when you fire it, and 
wow, it is hard to use' then you are missing a part of your arsenal that you 
may very well need when that tank comes your way.  Just because you've only 
seen infantry thus far doesn't mean that there is not a tank in your future.

> I have been building and maintaining unix systems hanging off the net
> since the late 80's.  To date, I have yet to have a machine compromised
> that I secured myself.

Maybe I'm wrong, but I think any admin needs to experience having their box 
cracked.  It will produce the humbleness necessary to the trade, because 
overconfidence is dangerous.

> appear to feel differently.  That's just dandy.   You run your little
> corner of academia the way you want and I'll run my little corner of
> running dog capitalism the way I want.  I have no idea why you feel the
> need to be so belligerent about it.  *shrug*

The belligerence happened quite a ways before, during the first thread where 
totally unnecessary and useless answers were being hurled at the OP.  But I'm 
more sick and tired of so much belligerence in general.  No, more gripe 
wasn't the correct answer.  But what is?

> I couldn't bear the thought of some poor astrophysicist losing a
> day's worth of cosmic EMI/RFI due to my gross negligence.  Find someone
> more worthy.  8-)

Good laugh... :-)  Needed that laugh.

As the health and security of that data is my bread and butter (and my wife's, 
and my son's, and my three daughters') I do tend to be protective of it, as 
nearly random as it is (all 20TB per day of it).  But is sure is cool to work 
with.
-- 
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772
(828)862-5554
www.pari.edu

More information about the CentOS mailing list