[CentOS] Security checklist for new Centos server?

M. Fioretti mfioretti at mclink.it
Sat Jul 21 20:58:16 UTC 2007

On Sat, Jul 21, 2007 12:19:23 PM -0500, Johnny Hughes
(johnny at centos.org) wrote:

> >> Don't turn off SELinux.
> > 
> > Hmmm... I had also forgotten this side of the package. I will be
> > running on a rented VPS, can SELinux be used in such contexts?
> > 
> > Also, frankly I am not up to date on this, but I do remember reading a
> > lot of "Just turn off selinux, isn't worth it" and "selinux isn't
> > mature/ documented enough yet" in relatively recent times, both on
> > Fedora and Centos lists.
> > 
> > Is this still the case?

> It was never the case ... SELinux has been turned on by default by Red
> Hat in RHEL4 and RHEL5.

Yes, but I do remember several threads on the confusion this caused,
hence my comment

> People who say "turn it off" do so because the either don't
> understand what it does OR they don't know how to use it.

Sure. This could be due to the feature not being sufficiently
documented (see my earlier comments in the thread on ssl, for
example), something that in practice would still make it hardly usable
for all but the most competent, full-time sysadmins. Regardless of how
well it's working or is packaged in any distro.


The one book on software and digital technologies that no parent or
teacher can ignore

More information about the CentOS mailing list