[CentOS] SELinux - way of the future or good idea but !!!
penguin at alisoncc.com
Sat Nov 27 01:33:36 EST 2010
Thanks for all the input. Particularly John and Patricks URL's for reading material. Starting with the stuff here http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml Which is really good.
I can get 1.5Mb/s upload using Annex M, but have previously purchased hosting as I have had little experience in "battle hardening" a server. Feeling much more confident now that I have reading material to guide me in keeping the bad guys out.
At 01:01 PM 27/11/2010, you wrote:
>On Sat, Nov 27, 2010 at 03:29:49AM +0200, Eero Volotinen wrote:
>> Usually it causes more problems. If you have unlimited resources to tune it up,
>> then it possibly helps on the way.
> Only if you don't bother to take the time to read any of the
> resources I previously provided or any of the other SElinux
> resources available on the 'net.
> SElinux is not brain surgery; spend some time with the
> documentation and you'll be surprised at how easily it all comes
> together after a while.
> Telling people to disable it is not only foolish but completely
> irresponsible; doubly so in a medium that exists to support
> If the best avenue was to disable it do you honestly think that
> upstream would enable it by default?
> This is 2010 - people are expected to actually make an effort at
> learning the systems they so casually throw up on the 'net and
> to take responsibility for those systems. Every time a box gets
> compromised it can pose a risk to the rest of us; please be
> mature and responsible enough to make it as difficult as
> possible to permit such a compromise in the first place.
>Live a good life. If there are gods and they are just, they will not care
>how devout you have been, but will welcome you based on the virtues you
>have lived by. If there are gods, but unjust, then you should not want to
>worship them. If there are no gods, then you will be gone, but will have
>lived a noble life that will live on in the memories of your loved ones.
>-- Marcus Aurelius (121-180), philosopher and writer
>CentOS mailing list
>CentOS at centos.org
More information about the CentOS