
Re: How best get rid of SELinux?



On 9/21/07, Timothy Murphy <tim birdsnest maths tcd ie> wrote:
> Arthur Pemberton wrote:
>
> > SELinux is another layer of security, it isn't a replacement of any
> > security layers, I see no reason why anyone feels such apparent
> > hostility to this piece of technology.
>
> While I'm not hostile to SELinux,
> I'm also not convinced it actually gives any protection in the real world.
> I've never seen anyone say, "Thank God I was running SELinux,
> or I would have been in a mess".

So... would you like me to tell a story of why I like SELinux? And how
it saved me from my own weak sysadmin practices?

> I see at once from my logwatch that thousands of lunatics
> are hurling silly packets at my machine,
> and I'm grateful to shorewall for keeping them out.

Please. Let's keep firewalls out of the topic; SELinux is
complementary to firewalls.

> I suspect that at the moment SELinux is more of an advertising ploy,
> "Windows cannot be secured, but Linux can",
> than a useful defence against any real danger.

Your suspicions, while reasonable, are untrue.

> There probably will be a real danger in the future, if Linux thrives.
> So it is certainly a good idea to build up defences now.

The earlier we start, the better.

> Personally, I run SELinux in permissive mode,
> intending to see what it turns up - one day, when I have time ...

I either run it (in targeted mode) or I don't - I do on servers, don't
on desktops/laptops.

-- 
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )

