Re: SELinux - way of the future or good idea but !!!




2010/12/1 Nico Kadel-Garcia <nkadel@xxxxxxxxx>:

>> Anyone willing to contribute funds (or time) to such a study?  It would be
>> an educational experience and good PR, at the least.
>
> Oh, I know the holes and which would be straightforward to get to.
> There's generally enough lower hanging fruit with NFS stored
> passwords, email with passwords, and poorly managed elevation via SSH
> keys as policies before I even got there that this protection is like
> putting a bike lock on a jello mold.

How about a production-like server:

- firewall installed
- SELinux disabled
- all services except ssh and httpd disabled
-> sshd login enabled only with ssh keys and httpd protected via mod_security?
- CIS hardening fixes applied to OS
- latest kernel patches applied

--
Eero
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


