[COLUG] SELinux
Scott Webster Wood
treii28 at yahoo.com
Mon May 12 13:15:22 EDT 2008
OK, I have a question. What do you do in SE Linux when you have some service that doesn't appear to have an existing profile? I put fedora 8 on my old desktop when I got a new laptop a few weeks back and one of the things that I used to run on it in winblows was a small ventrilo server for me and my friends to use. I couldn't find a way to get venti working under selinux however.
SW
----- Original Message ----
From: David Coulson <david at davidcoulson.net>
To: Central OH Linux User Group <colug432 at colug.net>
Sent: Monday, May 12, 2008 9:37:32 AM
Subject: Re: [COLUG] SELinux
Scott Merrill wrote:
> Is anyone on the list actively using SELinux in their installations?
>
Yes. I run it in production on a large number of servers.
> Does it help?
We've not had any security compromises so far! :) Honestly right now it
causes more problems administratively than it solves...
> If so, in what ways?
>
> Since I haven't had the time to educate myself about SELinux, I almost
> always disable it when installing RHEL5. If SELinux offers me
> something more useful when its enabled rather than disabled, I'd like
> to learn about that. Is anyone interested in presenting SELinux to
> the group?
>
The main advantage that SELinux offers is that it limits the effects of
a potential compromise - Someone gets in through Apache, they can only
access what Apache is permitted to access, not everything on the server.
http://www.crypt.gen.nz/selinux/faq.html
David
_______________________________________________
colug432 mailing list colug432 at colug.net
http://www.colug.net/mailman/listinfo/colug432
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
More information about the colug432
mailing list