[CentOS] Correct xen domains path

Stephen John Smoogen smooge at gmail.com
Tue Jun 19 22:36:13 UTC 2007

On 6/18/07, Stephen Harris <lists at spuddy.org> wrote:
> On Mon, Jun 18, 2007 at 12:18:40PM -0600, Stephen John Smoogen wrote:
> > On 6/18/07, Stephen Harris <lists at spuddy.org> wrote:
> > >I've never said there are _no_ cases for SELinux.  I was questioning it
> > >as a general rule for all machines.
> > Several of the problems were machines that were not connected to the
> > internet or were deep behind firewalls. The problems were that all it
> > takes is one user who doesnt think well to make all those
> > firewalls/issues useless. E.G the person who coming in from work finds
> > a nice shiney USB fob and plugs it into a work computer to see who it
> > belonged to so they could return it.  The guy who downloads an
> [ etc ]
> This is why I mentioned "risk profile" in another message.  You evaluate
> the perceived risk, the likely-hood of the event happening, the cost of
> the event, the "cost" of a potential solution and perform an analysis.
> So one might rank the items this:
>   external facing servers: high risk!  Automated attacks possible
>   Desktop work stations: moderate.  User stupidity highest attack vector
>   General compute server: low risk.  Only "trained" staff have access.

I was really grumpy yesterday.. so I just wanted to say that I believe
that in most cases where you are in a low risk.. you might be better
off with selinux in permissive mode versus off. Permissive at least
will give you a finger print of what might have gone wrong when the
PFY plugged in that nice shiney USB fob he found next to his car at

Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

More information about the CentOS mailing list