Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 11/28/10 5:29 PM, Marko Vojinovic wrote:
>
> I wouldn't know the typical ratio itself as a number, but I can tell you it is
> surely less than one. I had three identical systems compromised at the same
> time (one of the users had a weak password, and he used the same password on
> all three machines... you wouldn't believe...). Two systems had SELinux
> disabled, the third one had it enabled. For the first two, intruder managed to
> escalate to root and I had a busy weekend reinstalling those machines from
> scratch afterwards. For the third one, the intruder never managed to escalate
> to root, and this was clearly visible in SELinux and other system logs. I
> simply purged that user account and had everything working in no time.

But that means you were running software with vulnerabilities or a user would 
not be able to become root anyway.  Is that due to not being up to date (i.e. 
would normal, non-SELinux measures have been enough), or was this before a fix 
was available?

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux