Re: selinux??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/23/2016 09:52 AM, bruce wrote:
> Hi.
> 
> In testing out creating/setting up remote droplets on digital 
> ocean/fed (centos), I realize that it should be secured as 
> much/tightly as possible. However, I also realize that if I screw 
> something up, I could have an instance that has issues. I'm not a
> sys admin, and not trying to be one.
> 
> So, here's my question. If I'm going to be spinning up/down an 
> instance, could I simply disable selinux? For my scenario, I'll be 
> creating a base instance, with the required apps/processes, and
> then using that base instance for any testing droplets I need to
> create, to test my apps.
> 
> So, if I create an instance, spin it up, fire off my tests on the 
> instance, run everything for a few hours, and then shut it off,
> would that be "reasonably safe/secure"?
> 
> My testing apps are a mix of python/php/perl/shell scripts, there's
> no web stuff as of yet. Although, there will be dns/nfs/mysql 
> functionality.
> 
> Thanks for thoughts..
> 

Sorry I'm late to the thread.

Bruce, I'd love your opinion on the "SELinux for Mere Mortals" talk
from Red Hat Summit: https://www.youtube.com/watch?v=MxjenQ31b70

Disclaimer: it's a video of me, and I work for Red Hat.

I've gotten a lot of positive feedback on the video, and I hope that
it will make your decision easier. It's only about an hour, and pretty
much everyone who has watched it has said they'd use SELinux after
watching it. I am clearly biased, but I would not run any
internet-facing system without SELinux turned on. Heck, I don't run
*any* system without it.

I hope this helps!

Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlao730ACgkQmzle50YHwaA4QgCfb3fp0uFady5EGd0WG/867tYs
aM4AoK3QlegFtyVxc3VARtPe4h6Ctx7j
=z6vI
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux