[COLUG] SELinux
David Coulson
david at davidcoulson.net
Mon May 12 09:37:32 EDT 2008
Scott Merrill wrote:
> Is anyone on the list actively using SELinux in their installations?
>
Yes. I run it in production on a large number of servers.
> Does it help?
We've not had any security compromises so far! :) Honestly, right now it
causes more problems administratively than it solves...
> If so, in what ways?
>
> Since I haven't had the time to educate myself about SELinux, I almost
> always disable it when installing RHEL5. If SELinux offers me
> something more useful when it's enabled rather than disabled, I'd like
> to learn about that. Is anyone interested in presenting SELinux to
> the group?
>
The main advantage that SELinux offers is that it limits the effects of
a potential compromise - someone gets in through Apache, they can only
access what Apache is permitted to access, not everything on the server.
http://www.crypt.gen.nz/selinux/faq.html
David