[CentOS] SELinux - way of the future or good idea but !!!

Tue Nov 30 20:54:37 UTC 2010
m.roth at 5-cent.us <m.roth at 5-cent.us>

Stephen Harris wrote:
> On Tue, Nov 30, 2010 at 03:11:24PM -0500, Lamar Owen wrote:
>> Reality check: IDC analysts have estimated Red Hat's share of the paid
>> commercial Linux market as 62%[1], [2], with Red Hat estimating higher
>> [3].  That's RHEL: which ships SELinux enabled, enforcing, targeted,
>> by default.  And, this being the CentOS list, we're in a default SELinux
>
> Reality check: how many of those installs are Red Hat OOB installs with
> default options?  I know the 10,000 machines we have where I work are
> all meant to be "corporate standard" and this, by default, does _not_
> have SELinux enabled.

And how many reset them to permissive, or off, because enforcing breaks
what's been working?

And about Apache... most of those attacks are preventable through
defensive configuration and coding for httpd itself. Looking to SELinux to
protect you is very sloppy.
>
>> they should be supporting the default RHEL configuration.
>
> Shoulda, coulda, woulda... didna.

How many folks actually use the defaults? Hell, we don't use the default
partitioning scheme.

        mark