On 11/28/10 5:29 PM, Marko Vojinovic wrote: > > I wouldn't know the typical ratio itself as a number, but I can tell you it is > surely less than one. I had three identical systems compromised at the same > time (one of the users had a weak password, and he used the same password on > all three machines... you wouldn't believe...). Two systems had SELinux > disabled, the third one had it enabled. For the first two, intruder managed to > escalate to root and I had a busy weekend reinstalling those machines from > scratch afterwards. For the third one, the intruder never managed to escalate > to root, and this was clearly visible in SELinux and other system logs. I > simply purged that user account and had everything working in no time. But that means you were running software with vulnerabilities or a user would not be able to become root anyway. Is that due to not being up to date (i.e. would normal, non-SELinux measures have been enough), or was this before a fix was available? -- Les Mikesell lesmikesell@xxxxxxxxx _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos