On Sat, Sep 18, 2010 at 12:26:04PM -0400, m.roth at 5-cent.us wrote:
>
> Well, you could set selinux enforcing (AUGH!!!). Another possibility is
> to run Bastille Linux on it to harden it. I really like the latter - I used
> it to harden an old system of mine, first Redhat 7.x, then Redhat 9 (yes,
> this is years ago), and used that as my firewall/router, and in something
> like 9 years online, on broadband, to the best of my knowledge, I never
> had an intrusion.

Bastille Unix (renamed quite some time ago) has not been updated in
two years and is no longer supported to the best of my knowledge;
they announced an impending release in 2008 which never occurred and
nothing has been heard since that I know of.

And why "AUGH!!!"? Selinux is enabled by default for a reason and,
quite frankly, has no need to be disabled except in the most rare
of corner cases; learning to properly make use of selinux will, in
the long run, make your life much easier.

I would never consider running an internet-facing host without selinux
in enforcing mode.

John

--
If man does find the solution for world peace it will be the most
revolutionary reversal of his record we have ever known.

-- George C. Marshall (1880 - 1959), American military leader and statesman,
   creator of the Marshall Plan, the only US Army general to receive the
   Nobel Peace Prize, Biennial Report of the Chief of Staff, US Army,
   1 September 1945