[CentOS] selinux on/off percentage

Mon Apr 2 10:28:13 UTC 2012
Johnny Hughes <johnny at centos.org>

On 03/31/2012 10:31 PM, Min Wang wrote:
> hi
>
>     Just wondering if there is any statiscs report of selinxu usages in 
> production environment? I know some still turn it off.

If you have machines purposely serving things to the masses on the
Internet, you should take the time to make SELinux work properly on
those machines.

The thing that SELinux is going to do is to prevent things from running
outside the proper contexts.  This means that it will, for example,
block known PHP exploits even though the machine is vulnerable, etc.

For machines not serving content, you can turn it off there if you want.

Here is a good FAQ about SELinux:

http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/

And more info:

http://selinuxproject.org/page/Main_Page



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20120402/6b5b3607/attachment-0005.sig>