On Fri, 6 Mar 2009, Noob Centos Admin wrote:

> Just my noob opinion, that if there's no practical and definitive
> benefit from enabling SELinux, for the time being until it is matured,
> the best thing to do is just set it to off. Otherwise, it just
> generally causes trouble and runs up tons of log as it is.
>
> I'd love to be enlightened on this though :)

There are VERY definitive benefits to running SELinux. The best description I've found is that it is like an iron cage on the inside of a window. Even if something gets past the glass, it's still inside a window. I've had SELinux stop exploits against PHP scripts on production servers. It is also a great training tool for teaching you what "common practices" you've picked up are a bad idea (i.e., cp'ing stuff around as root).

That said, it does generate some very obtuse log messages (the deciphering of which will teach you even more).

----------------------------------------------------------------------
Jim Wildman, CISSP, RHCE jim at rossberry.com http://www.rossberry.com
"Society in every state is a blessing, but Government, even in its best
state, is a necessary evil; in its worst state, an intolerable one."
Thomas Paine