Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



>> Just turn selinux off. setenforce "0" works without rebooting server,
>> but /etc/sysconfig/selinux is correct place to finalize setting..
>
> What's with people recommending to turn off SELinux?! That's just bad
> advice and like recommending people keep their doors unlocked at all
> times. Really, stop doing that. SELinux is there for a reason.

Usually it causes more problems. If you have unlimited resources to tune it up,
then it possibly helps on the way.

> My advice to Alison is to remove Webmin and use the tools that come with
> CentOS 5.5. Also make sure that phpMyAdmin can only be accessed from
> your local LAN, use strong passwords, turn on a tight firewall and do

.. and disable password authentication on sshd server.

> anything else that one should do to keep the bad guys from gaining
> illegal access to your server.
>
> The NSA has some nice guides how to keep your server secure. The guides
> are on this page:
> http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml

http://www.zlinuxtoday.com/z/wp-content/uploads/2010/06/CIS_RHEL_5.0-5.1_Benchmark_v.1.1.2.pdf

--
Eero
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux