F8t3 - Minimal services to run?
Steve Grubb
sgrubb at redhat.com
Fri Oct 19 13:02:31 UTC 2007
On Friday 19 October 2007 08:48:05 Adam Pribyl wrote:
> > # rsyslog
> > # auditd
>
> This I would like to have more explained. For want purpose you should run
> irqbalance on system with minimum devices, auditd on system without
> selinux (which I recommend to switch off on system with slow cpu and low
> memory).
The audit daemon is the collector of all security events - even without
selinux installed or enabled. You may want to see failed logins, failed
authentication attempts, who's been adding accounts, programs that are
segfaulting, who's opening raw sockets, etc.
Also, even on small memory systems, selinux is beneficial. The policy does not
take that much memory in the kernel.
-Steve
More information about the fedora-test-list
mailing list