Re: Centos 5.x SElinux issues




On Fri, 6 Mar 2009, Noob Centos Admin wrote:

> Just my noob opinion, that if there's no practical and definitive
> benefit from enabling SELinux, for the time being until it is matured,
> the best thing to do is just set it to off. Otherwise, it just
> generally causes trouble and runs up tons of log as it is.
>
> I'd love to be enlightened on this though :)

There are VERY definitive benefits to running SELinux.  The best
description I've found is that it is like an iron cage on the inside of
a window.  Even if something gets past the glass, it's still inside a
window.  I've had SELinux stop exploits against PHP scripts on
production servers.  It is also a great training tool for teaching you
what "common practices" you've picked up are a bad idea (i.e., cp'ing
stuff around as root).

That said, it does generate some very obtuse log messages (the
deciphering of which will teach you even more).

----------------------------------------------------------------------
Jim Wildman, CISSP, RHCE       jim@xxxxxxxxxxxxx http://www.rossberry.com
"Society in every state is a blessing, but Government, even in its best
state, is a necessary evil; in its worst state, an intolerable one."
Thomas Paine
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
