Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Sunday, November 28, 2010 10:50 PM, Scott Robbins wrote:
> On Sun, Nov 28, 2010 at 09:14:43PM +0800, Christopher Chan wrote:
>
>>>
>>> I think it is easier/cheaper to use hardware firewalls and idp systems
>>> to protect servers than fight with selinux on each server.
>>>
>>> SELinux tuning might work on companies with unlimited resources like
>>> NSA .. or if you run server at home with unlimited free time to tune
>>> it up.
>>>
>>
>> Are you some secret agent for botnets? I know they love to get their
>> hands on Linux boxes for use as their command centres for their Windows
>> drones.
>
> Sigh.  I don't think people have the right (or ability) to
> judge another person's situation.
>
> So....
>
> Judging from this, every AIX, Solaris, and BSD administrator are botnet
> agents.  As well as Debian server farms.
>

If they are die-hard don't lock down because it's too troublesome chaps 
then yeah!

Two other schools got their box hacked through phpmyadmin because the 
chap at HQ failed to locked down. I had to show him how to turn on 
SELinux and also figure out from the logs how the bot was uploaded.

I had never done SELinux before that but I got it mostly sorted within a 
morning and completely sorted in two days for some stuff that did not 
initially show up. This was a Moodle box with a mysql backend.

I, therefore, cannot see any excuse for disabling SELinux.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux