Re: Crazy (and just maybe awesome) idea: Winux

On Sun, 2010-03-07 at 19:44 -0700, James McKenzie wrote:
> SELinux should work with web servers in non-secure and secure modes.  It
> should work with Tomcat publishing dynamic pages as well.
> > It's part having the right tools for the job Martin.
> >
The problem when it was first released for Fedora was that it used a
cookie-cutter approach: telling it that you used Apache merely OK'ed
that within /var/www - IMO a silly place to put web pages as the /var
structure is one that you're almost certainly going to blitz as part of
a clean install and probably not bother to back up. The SEL config tool
had no method for saying that any occurrences of /home/*/public_html were
also OK for Apache to serve from.

I'd disabled it by the time I started to use Postgres, but it's a safe
bet the same problem would occur because the Fedora default puts the
Postgres files and database in /var/postgresql while I run it
from /home/postgres for the reasons given in my last post.

> And the added security should not be a security blanket either.  SELinux
> is just another level of host based security.
>
Yep. I don't accept incoming net connections. I get my mail with getmail
and run it through Spamassassin before it gets passed to Postfix for
distribution. No Clamav at present because I have no Wine apps that know
what mail is and most probably never will either. chkrootkit gets run
weekly - possibly daily would be better.

Martin



