on 3-7-2008 11:21 AM Therese Trudeau spake the following: >> Therese, the setroubleshoot package mentioned here was installed by default on >> my system. If you go to that after you have had a failure it generally tells >> you what it saw as a threat, and what to do about it if it should be allowed. >> Usually it's just a matter of copy and paste a line of command. > > Thanks Anne, > > Will setting to permissive prevent real time threats, or just tell me what happened after the fact of a failure? permissive is all the whining without actually doing anything about it. You use permissive to collect the log entries that help you add policy. When you get the whining to stop, then you go back to enforcing. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20080307/575a913e/attachment-0005.sig>