[CentOS] Centos 5.x SElinux issues

Thu Mar 5 20:06:15 UTC 2009
Jim Wildman <jim at rossberry.com>

On Fri, 6 Mar 2009, Noob Centos Admin wrote:

> Just my noob opinion, that if there's no practical and definitive
> benefit from enabling SELinux, for the time being until it is matured,
> the best thing to do is just set it to off. Otherwise, it just
> generally causes trouble and runs up tons of log as it is.
> I'd love to be enlightened on this though :)

There are VERY definitive benefits to running SELinux.  The best
description I've found is that it is like an iron cage on the inside of
a window.  Even if something gets past the glass, it's still inside a
window.  I've had SELinux stop exploits against php scripts on
production servers.  It is also a great training tool for teaching you
what "common practices" you've picked up are a bad idea (i.e., cp'ing
stuff around as root).

That said, it does generate some very obtuse log messages (the
deciphering of which will teach you even more).

Jim Wildman, CISSP, RHCE       jim at rossberry.com http://www.rossberry.com
"Society in every state is a blessing, but Government, even in its best
state, is a necessary evil; in its worst state, an intolerable one."
Thomas Paine
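
The log messages the post calls obtuse are AVC denial records in the audit log. The following is an added example, not part of the original post, that turns such records into one readable sentence each; the sample lines, file name and port are constructed for illustration, and the field layout assumed is the standard `avc: denied { perms } for key=value ...` form.

```python
import re

# Constructed sample audit.log lines (not from the original post): two httpd
# denials of the kind logged when a web script reaches outside its domain, and
# one unrelated SYSCALL record that the parser must skip.
SAMPLE_LOG = '''\
type=AVC msg=audit(1236283575.412:88): avc:  denied  { write } for  pid=2817 comm="httpd" name="config.php" dev=sda1 ino=48211 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1236283575.412:88): arch=40000003 syscall=5 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1236283601.007:91): avc:  denied  { name_connect } for  pid=2817 comm="httpd" dest=6667 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:ircd_port_t:s0 tclass=tcp_socket
'''

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC record, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    # A context is user:role:type[:level]; the type is what policy rules name.
    src_type = fields.get('scontext', ':::').split(':')[2]
    tgt_type = fields.get('tcontext', ':::').split(':')[2]
    return {
        'result': m.group(1),
        'perms': m.group(2).split(),
        'comm': fields.get('comm'),
        'source_type': src_type,
        'target_type': tgt_type,
        'tclass': fields.get('tclass'),
        'object': fields.get('name') or fields.get('path') or fields.get('dest'),
    }

def explain(rec):
    """Render one parsed record as a readable sentence."""
    return (f"{rec['comm']} running as {rec['source_type']} was {rec['result']} "
            f"{'/'.join(rec['perms'])} on {rec['tclass']} "
            f"{rec['object']} labelled {rec['target_type']}")

def decipher(log_text):
    return [explain(r) for r in map(parse_avc, log_text.splitlines()) if r]

if __name__ == '__main__':
    for sentence in decipher(SAMPLE_LOG):
        print(sentence)
```

The source and target types are the part worth reading first: a denial between `httpd_t` and a type the web server has no business touching is the cage doing its job, while a denial against a mislabelled file usually points at how the file was put there.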