"Preston Crawford" <me at prestoncrawford.com> wrote: >> Is it necessary for my machine to be fairly secure? << No, as long as you take all the usual precautions: * Removing - or at least not running - unnecessary services * Keeping the system patched up-to-date (easy with yum, etc.) * Choosing strong passwords - or not using passwords for login across the Internet at all; generate an OpenSSH RSA 1024-bit key and use that instead * Never use protocols that transmit passwords in plaintext across the Internet (telnet, POP/IMAP without SSL, etc.) * Never logging in as root, but only using su to become root when necessary, for as short a time as necessary * Adding some firewall rules to (e.g.) rate-limit SSH connections to block brute-force password-guessing attacks * Use Postfix rather than Sendmail (though Sendmail has stood the test of time. by now) These are the major "good practices" required, though some people will doubtless suggest others (and probably quibble with some of the above ;) ). There have been Linux servers and workstations sitting on the Internet for many years without SELinux support, demonstrating it's not necessary. SELinux is a Thing of Beauty and a Joy Forever; I've used it myself for specialised situations, but people can - and do - run securely for years without it. Best, --- Les Bell, RHCE, CISSP [http://www.lesbell.com.au] Tel: +61 2 9451 1144 FreeWorldDialup: 800909