Jim Perrin wrote: > On 9/21/07, Mike McCarty <Mike.McCarty at sbcglobal.net> wrote: > > >>WRT SELinux, just disable it is my suggestion. Or perhaps >>switch to another distro which is not yet infected. > > > Why yes, ignoring security or bypassing it alltogether rather than > learning how to protect your systems is an EXCELLENT idea. I highly Sarcasm is unbecoming. I suppose you are unaware of the long and bitter discussions on Fedora about SELinux? > recommend the 'head in the sand' approach. After all, if you can't see > the bad guys poking you're server, they're not actually doing it, > right? SELinux does not prevent nor report people "poking your server". > Selinux is complicated, but it's getting far more easy to use than SELinux is complicated, FULL STOP. It's a wrong-headed approach. > earlier versions (FC2 anyone?) and in combination with other tools, it > can provide a rock solid security system. Any security system which is not already rock solid is not going to be made any more secure from attack by adding SELinux. It might possibly suffer somewhat less damage, though that's debatable. > For webservers, the belt+suspenders combination of mod_security and > selinux is damn near unbeatable. You have personal experience with SELinux "saving" your system? Mike -- p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);} Oppose globalization and One World Governments like the UN. This message made from 100% recycled bits. You have found the bank of Larn. I can explain it for you, but I can't understand it for you. I speak only for myself, and I am unanimous in that!