Why do I need SELinux?

James McKenzie jjmckenzie51 at earthlink.net
Sat Feb 19 20:35:40 UTC 2005


David Cary Hart wrote:
> On Sat, 2005-02-19 at 17:03 +0000, Timothy Murphy wrote:
> 
>>Rahul Sundaram wrote:
>>
>>I've skimmed through the two references above,
>>and remain unconvinced that SELinux has anything to offer me,
>>a fairly standard home Linux user.
>>
> 
> I'm running production web, mail and FTP servers and I don't appreciate
> the value of SELinux. Someone in the DShield list referred to this as
> "protection for the tinfoil helmet set."
> 
> However, I do not NAT SSH nor Telnet. For that matter, the only ports
> that are open are http, smtp, pop3 and ftp.
> 
David and Rahul:

Do you allow 'home' user access through httpd or ftpd?  Then you should 
consider Security Enhanced Linux (SELinux).  If you have locked down 
your system or do not offer any of the 'standard' services, you don't. 
I suggest not using the highest level of SELinux, but using the targeted
level, if you decide to use SELinux.  I had it enabled, but disabled it
after reading a lengthy article because I modified IPTables to disable
SSH to the world but restrict it to only localhost.
-- 
James McKenzie
With assistance, Now running 2.6.11rc3, Software Suspend 2
and ibm-acpi .1
Need a home for my .rpm



