[CentOS] SELinux - way of the future or good idea but !!!
centos-list at puzzled.xs4all.nl
Sat Nov 27 01:17:14 UTC 2010
On 11/27/2010 01:53 AM, Eero Volotinen wrote:
> 2010/11/27 Alison<penguin at alisoncc.com>:
>> total newbie on CentOS. Just firing up an install of 5.5 on a development webserver. Installed Webmin, Awstats, PHPMyAdmin and Drupal successfully. Yet to work on Sendmail and Samba. SELinux in enforcing mode, reporting "SELinux preventing ifconfig (ifconfig_t) "read write" to /var/webminsessiondb.pag (var_t)".
>> Googled the error message without real success in finding fix - bug reports showing. Question is whether worth pursuing as SELinux is the way of the future. Or is SELinux a good idea that never really made it's way into the sun. Thoughts please.
> Just turn selinux off. setenforce "0" works without rebooting server,
> but /etc/sysconfig/selinux is correct place to finalize setting..
What's with people recommending to turn off SELinux?! That's just bad
advice and like recommending people keep their doors unlocked at all
times. Really, stop doing that. SELinux is there for a reason.
Afaik Webmin does not have a very good reputation when it comes to
security. With that in mind your advice makes Alison's box much more
My advice to Alison is to remove Webmin and use the tools that come with
CentOS 5.5. Also make sure that phpMyAdmin can only be accessed from
your local LAN, use strong passwords, turn on a tight firewall and do
anything else that one should do to keep the bad guys from gaining
illegal access to your server.
The NSA has some nice guides how to keep your server secure. The guides
are on this page:
More information about the CentOS