Jim Perrin wrote:
On 9/21/07, Mike McCarty <Mike.McCarty@xxxxxxxxxxxxx> wrote:
WRT SELinux, just disable it is my suggestion. Or perhaps
switch to another distro which is not yet infected.
Why yes, ignoring security or bypassing it alltogether rather than
learning how to protect your systems is an EXCELLENT idea. I highly
Sarcasm is unbecoming. I suppose you are unaware of the
long and bitter discussions on Fedora about SELinux?
recommend the 'head in the sand' approach. After all, if you can't see
the bad guys poking you're server, they're not actually doing it,
right?
SELinux does not prevent nor report people "poking your server".
Selinux is complicated, but it's getting far more easy to use than
SELinux is complicated, FULL STOP. It's a wrong-headed approach.
earlier versions (FC2 anyone?) and in combination with other tools, it
can provide a rock solid security system.
Any security system which is not already rock solid is not going
to be made any more secure from attack by adding SELinux. It might
possibly suffer somewhat less damage, though that's debatable.
For webservers, the belt+suspenders combination of mod_security and
selinux is damn near unbeatable.
You have personal experience with SELinux "saving" your system?
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos