Re: [CentOS] disabling SELinux on CentOS: a good idea?
Peter Farrow wrote: Rogelio Bastardo wrote: I was banging my head against the wall trying to figure out why my Nagios install wasn't working on CentOS 4.5 (I'm used to Debian), and so I disabled SELinux and everything magically started working. Is this a good long term idea? Or is there a better way of doing things? -- This message has been scanned for viruses and dangerous content by the *Enhancion* http://www.enhancion.net/ system scanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Hi There, If your machine is purely a server and has no local accounts for ordinary users, you can implement an effective sercurity policy using appropriate partitioning, fstab entries, wrapper and firewall configuration without the baggage of SElinux. Save yourself the headache and turn it off! Well ... I totally disagree ... but we have had this conversation before :D SELinux is a tool that, when used correctly, can prevent many attempts to do things via vulnerabilities. Learning to use it correctly is the real answer. However, you can be secure with it turned off too ... it is just another layer. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] disabling SELinux on CentOS: a good idea?
On 7/15/07, Johnny Hughes [EMAIL PROTECTED] wrote: Learning to use it correctly is the real answer. That's on my list of things to. I'm the meantime setroubleshoot helps me get by. -- Drew Einhorn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] disabling SELinux on CentOS: a good idea?
On Friday, June 29, 2007 7:19 PM -0700 Rogelio Bastardo [EMAIL PROTECTED] wrote: I was banging my head against the wall trying to figure out why my Nagios install wasn't working on CentOS 4.5 (I'm used to Debian), and so I disabled SELinux and everything magically started working. Is this a good long term idea? Or is there a better way of doing things? SELinux is a tool, part of a suite of defenses you deploy as part of defense in depth to protect your assets. Only you can decide how valuable your assets are and how much effort you should expend protecting them. (But an usurped box also hurts the rest of us, once it becomes a bot available to spam or otherwise attack other hosts.) You should have other techniques in play to defend your system, such as iptables, tcp wrappers, LUA, SSL, and strong passwords. SELinux presents another hurdle that attackers must get past. My policy is not to permanently disable it but to figure out how to use it. I'm currently reading the two premier books on it to understand it. So far I haven't had to disable it to get things working, but I've had to defer deployment of some services or figure out workarounds. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] disabling SELinux on CentOS: a good idea?
Rogelio Bastardo wrote: I was banging my head against the wall trying to figure out why my Nagios install wasn't working on CentOS 4.5 (I'm used to Debian), and so I disabled SELinux and everything magically started working. Is this a good long term idea? Or is there a better way of doing things? -- This message has been scanned for viruses and dangerous content by the *Enhancion* http://www.enhancion.net/ system scanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Hi There, If your machine is purely a server and has no local accounts for ordinary users, you can implement an effective sercurity policy using appropriate partitioning, fstab entries, wrapper and firewall configuration without the baggage of SElinux. Save yourself the headache and turn it off! Regards Pete ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] disabling SELinux on CentOS: a good idea?
I was banging my head against the wall trying to figure out why my Nagios install wasn't working on CentOS 4.5 (I'm used to Debian), and so I disabled SELinux and everything magically started working. Is this a good long term idea? Or is there a better way of doing things? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
