On Sat, Sep 18, 2010 at 12:26:04PM -0400, m.r...@5-cent.us wrote: > > Well, you could set selinux enforcing (AUGH!!!). Another possibility is > run Bastille Linux on it to harden it. I really like the latter - I used > it to harden an old system of mine, first Redhat 7.x, then Redhat 9 (yes, > this is years ago), and used that as my firewall/router, and in something > like 9 years online, on broadband, to the best of my knowledge, I never > had an intrusion.
Bastille Unix (renamed quite some time ago) has not been updated
in two years and is no longer supported to the best of my
knowledge; they announced an impending release in 2008 which
never occured and nothing has been heard since that I know of.
And why "AUGH!!!"? Selinux is enabled by default for a reason
and, quite frankly, has no need to be disabled except in the
most rare of corner cases; learning to properly make use of
selinux will, in the long run, make your life much easier.
I would never consider running an internet-facing host without
selinux in enforcing mode.
John
--
If man does find the solution for world peace it will be the most
revolutionary reversal of his record we have ever known.
-- George C. Marshall (1880 - 1959), American military leader and statesman,
creator of the Marshall Plan, the only US Army general to receive the Nobel
Peace Prize, Biennial Report of the Chief of Staff, US Army, 1 September 1945
pgpYrBUcNlMsj.pgp
Description: PGP signature
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
