Peter Farrow wrote:
>I agree 100% I don't need it to make a system secure.
>
>>and it appears still that your confidence that you can secure systems
>>without it gets in the way of any efforts to learn how it may benefit
>>you.
Having an agent like selinux that knows and monitors the behavior of known
processes, and prevents unexpected behavior, presents a second line of defense
that _may_ prevent or mitigate an attacker's ability to take over a system.
While certainly not a substitute for secure programming practices, it may
lessen the impact of security holes that do exist in deployed applications.
Is it worth the added code complexity, configuration complexity, system
resources, etc. required to use it? That is a question that different admins
will come to their own conclusions about. Also, selinux is in its relative
infancy, and there is currently both a shortage of expertise about it in the
admin community, and problems in the current packaging (e.g. rule sets that
break things in the default configuration) that are causing headaches. As
these issues are dealt with, folks may or may not decide that selinux enhances
the security of their systems. Some have already made their decisions.
We are currently running selinux in permissive mode. Also, I had to remove
some of the RPMs during the Centos 4.2 update, because the RPM update wanted
to scan every file in the ~4000 user home directories in our central file
storage pool _from every host running the update_. Oh, and that's a central
file storage pool that doesn't even do ACLs. Bad selinux. No biscuit.
That being said, I would like to use selinux as _one_ piece of our security
infrastructure. But there are several issues that need to be solved before I
do so.
Dave Thompson
UW-Madison
