Peter Farrow wrote: > Rogelio Bastardo wrote: >> I was banging my head against the wall trying to figure out why my >> Nagios install wasn't working on CentOS 4.5 (I'm used to Debian), and >> so I disabled SELinux and everything magically started working. >> >> Is this a good long term idea? Or is there a better way of doing things? >> >> -- >> This message has been scanned for viruses and >> dangerous content by the *Enhancion* <http://www.enhancion.net/> >> system scanner, >> and is believed to be clean. >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> CentOS mailing list >> CentOS@xxxxxxxxxx >> http://lists.centos.org/mailman/listinfo/centos >> > Hi There, > > If your machine is purely a server and has no local accounts for > ordinary users, you can implement an effective sercurity policy using > appropriate partitioning, fstab entries, wrapper and firewall > configuration without the baggage of SElinux. > > Save yourself the headache and turn it off! Well ... I totally disagree ... but we have had this conversation before :D SELinux is a tool that, when used correctly, can prevent many attempts to do things via vulnerabilities. Learning to use it correctly is the real answer. However, you can be secure with it turned off too ... it is just another layer.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
