Re: selinux eradicator?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mike McCarty wrote:

 If he runs behind a
hardware firewall, and has all ports closed or "stealthed", then
he's as secure as one can be and still have connections.

SELinux is not related to any traditional firewalls at all just in case someone is confused about that still.

SELinux
does not provide (AFAIK) any way to prevent compromise, only
an attempt at containment after compromise.

Incorrect. It can do both.

  AFAIK, no one has actually done any
scientific study as to whether a machine with SELinux active on it be
any more secure than otherwise.

If you consider practical situations where SELinux has prevented or mitigated the issue there are many. There has been innumerous studies on the effectiveness of MAC based security over traditional DAC security and they are scientific ones. Use google.

Until such time, efficacy in loading or not loading SELinux
to achieve enhanced security is a matter of conjecture, opinion,
and personal preference.

It is very much not conjecture. Use any good search engine and do your own research rather speculate. One point that should be noted is that unlike the original analogy SELinux is a additional security layer and turning it off doesnt not equate to turning off all security measures and of course the management of SELinux needs and will improve with the continuous development of better user space tools but what the underlying architecture is based on decades of research and work. NSA SELinux site has various docs on this.

Rahul

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux