[CentOS] an actual hacked machine, in a preserved state

John R. Dennison jrd at gerdesas.com
Tue Jan 3 07:01:07 UTC 2012


On Mon, Jan 02, 2012 at 10:41:15PM -0800, Bennett Haselton wrote:
> 
> Again, you don't have to take my word for it -- in the first 10 Google 
> hits of pages with people posting about the problem I ran into, none of 
> the people helping them, thought to suggest SELinux as the cause of the 
> problem.  (By contrast, when iptables causes a problem, people usually 
> figure out that's what's going on.)

There's a lot of FUD going around in this thread.  If people would
bother to spend some time _reading_ _documentation_ on the systems they
are attempting to admin they might find that subsystems such as selinux
aren't quite as complex as they make them out to be.  Oh, and like all
other aspects of the internet, google is just as susceptible to indexing
idiots as it is to indexing pertinent and accurate results.

selinux is fully integrated into the system auditing facilities and even
provides multiple tools to aid an administrator in problem isolation
and remediation.  These tools are, of course, fully documented.

There is _ample_ documentation on the web, starting with the CentOS
wiki site, that covers selinux in great detail.  I would urge you and
anyone else not familiar with the facilities that selinux offers, both
from an enforcement standpoint and also from a management standpoint, to
spend some quality time reading up on it.

Blaming selinux itself for creating what you perceive as a "problem"
because you won't make a rudimentary attempt at learning to properly
manage it is ludicrous.

Anyone that has an internet facing box that does not take advantage of
each and every security technology at their disposal should be in a
different line of work.  And taking advantage of such technologies
requires one to read associated documentation.

And while this response seems to single you out I mean to point a
finger at anyone out there that doesn't bother to take time to learn
about systems / data that they are responsible for.




							John
-- 
If you always do what interests you, at least one person is pleased.

-- Katharine Hepburn (1907-2003), American actress, writer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20120103/1fec4da6/attachment.sig>


More information about the CentOS mailing list