[CentOS] Correct xen domains path

Stephen John Smoogen smooge at gmail.com
Mon Jun 18 18:18:40 UTC 2007 

On 6/18/07, Stephen Harris <lists at spuddy.org> wrote:
> On Mon, Jun 18, 2007 at 10:31:30AM -0600, Stephen John Smoogen wrote:
> > On 6/18/07, Stephen Harris <lists at spuddy.org> wrote:
> > >I've not heard a good reason to keep SELinux enabled, to be honest.
> > >For high sensitivity stuff, sure (much like using SEOS on Solaris for high
> > >sensitivity machines - eg those where third parties might have access).
> > >But as a general rule for all machines?  Why?
>
> > Good experience... I have had multiple webservers not have successful
>
> Yup.  Webservers are machines where third parties might have access, and
> so are candidates for enhanced security processes such as SELinux or
> SEOS.
>
> I've never said there are _no_ cases for SELinux.  I was questioning it
> as a general rule for all machines.
>

Several of the problems were machines that were not connected to the
internet or were deep behind firewalls. The problems were that all it
takes is one user who doesnt think well to make all those
firewalls/issues useless. E.G the person who coming in from work finds
a nice shiney USB fob and plugs it into a work computer to see who it
belonged to so they could return it.  The guy who downloads an
attachment supposedly from the partner in France and wonders why the
system runs so slowly. The fellow who has an addiction to porn and
decides that he just has to meet that 'blonde' who just wrote him
about sharing pictures. Etc etc.

While a lot of these things sound Windows specific.. there is a
boutique industry in doing it for Linux especially when you know that
the company you are wanting to infiltrate is using Linux for 'security
means'.

Or to be direct.. there is no such thing as a secure computer.. it is
up to you as the site administrator to determine what is safe enough
for Your Site using appropriate risk management. If you believe your
site has enough methods of protection or are that the cost of extra
security (selinux) is not appropriate for your risk model.. you can
turn it off.

-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

More information about the CentOS mailing list