[CentOS] SELinux - way of the future or good idea but !!!
Eero Volotinen
eero.volotinen at iki.fi
Wed Dec 1 13:22:24 UTC 2010

2010/12/1 Nico Kadel-Garcia <nkadel at gmail.com>:
>> Anyone willing to contribute funds (or time) to such a study? It would be
>> educational experience and good PR, at the least.
>
> Oh, I know the holes and which would be straightforward to get to.
> There's generally enough lower hanging fruit with NFS stored
> passwords, email with passwords, and poorly managed elevation via SSH
> keys as policies before I even got there that this protection is like
> putting a bike lock on a jello mold.

How about production like server:

- firewall installed
- selinux disabled
- all services except ssh and httpd disabled -> sshd login enabled only
  with ssh keys and httpd protected via mod_security ?
- cis hardened fixes applied to os
- latest kernel patches applied

--
Eero