On Sunday, November 28, 2010 10:50 PM, Scott Robbins wrote:
> On Sun, Nov 28, 2010 at 09:14:43PM +0800, Christopher Chan wrote:
>
>>>
>>> I think it is easier/cheaper to use hardware firewalls and idp systems
>>> to protect servers than fight with selinux on each server.
>>>
>>> SELinux tuning might work on companies with unlimited resources like
>>> NSA .. or if you run server at home with unlimited free time to tune
>>> it up.
>>>
>>
>> Are you some secret agent for botnets? I know they love to get their
>> hands on Linux boxes for use as their command centres for their Windows
>> drones.
>
> Sigh. I don't think people have the right (or ability) to
> judge another person's situation.
>
> So....
>
> Judging from this, every AIX, Solaris, and BSD administrator are botnet
> agents. As well as Debian server farms.
>

If they are die-hard don't lock down because it's too troublesome chaps then yeah!

Two other schools got their box hacked through phpmyadmin because the chap at HQ failed to lock down. I had to show him how to turn on SELinux and also figure out from the logs how the bot was uploaded. I had never done SELinux before that but I got it mostly sorted within a morning and completely sorted in two days for some stuff that did not initially show up. This was a Moodle box with a mysql backend. I, therefore, cannot see any excuse for disabling SELinux.