On 01/24/2016 10:17 PM, Tim wrote:
Tim:
I am always amazed that people think shutting off a security
something-or-other for some-amount-of-time can be considered safe.
It takes virtually the blink of an eye to get compromised.
If you need to turn off a security feature to do something, then there's
something wrong with that /thing/ that required it. It could simply be
crap programming, or it could be malicious. And even crap programming
can be destructive outside of its own files.
bruce:
really???
Yes.
If you're on an ISP, or a compromised LAN, you may find that there's
continual port scans and attacks.
I watched a friend get his box hacked four seconds after establishing a
network connection. He had to re-install to fix the problem. Same
thing happened the next two times he connected up. I just about wet
myself laughing. It took him three hacks before he wised up that he
needed to run protective software all the time. Drop your guard for a
second (or at least a few seconds), and that's enough.
By default, most things work like they're supposed to on Linux. If you
serve out HTML from the normal filepaths, it serves. There is, or was,
a GUI configurator for toggling SELinux permissions for certain services
that it's considered you ought to know what you're doing before you do
them, that's just as easy as similar configurators for enabling
services. e.g. There's a list, and you'd find HTTPD, or NFS, in it...
I'd go as far as to say that if you have no idea about how to run a
service, such as email or httpd, what it does, how it does it, how it
can be compromised, how to enable it, how to set up the firewall for it,
etc., then you have no business trying to run such a service. You'd
better learn how to do it on an isolated LAN. The world is replete with
spam, scams, hacks, etc, that affect everybody, because some dimwit made
it easy for them.
I haven't met a lot of people in my 30+ years of tech who just gloss
over the impotance of security..
I have, unfortunately. And I see a lot of people who do on this list or
forums. You can recognise them by the ones that when either dealing
with a problem, or the installing a system, the first things they do are
turn off SELinux and firewalls.
I don't even understand SELinux that much, but I would never disable it
UNLESS it was running on an isolated network or a box that I wanted to
"sacrifice". Surely its there for a reason. (And I've heard people give
all kinds of excuses when it comes to shutting it off, from "Its the
NSA's baby"....to "You don't need to run it".)....weird....because in
the world of Windows?....no one....and I mean NO ONE would think of
running a Windows box without SOME form of protection, regardless of
whether its on an isolated LAN, or connected to the world!.....if
anything they would run MULTIPLE security apps/suites to cover the holes
of the others! I guess its just a mindset you either have or don't?...
EGO II
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org