On Mon, 2006-07-31 at 06:18 -0500, Robert C Wittig wrote:
> Arsenic wrote:
> > Update: I just discovered that disabling SELinux (adding selinux=0)
> > at boot time obliterates all my problems. The startup and shutdown
> > errors are gone and I have full use of the internet. I've tried
> > going straight to runlevel 5 this way and it works. I get to my
> > graphical login screen without a hitch.
> >
> > I still don't know what happened exactly but turning SELinux off seems
> > to solve the issue.
> >
> > My question now is; just how important is Security Enhanced Linux?
> > Would it be a bad idea to just leave it disabled? I've never really
> > considered whether or not I need it before... I always just ticked the
> > box when I installed b/c, you know, it just seemed like a good thing
> > to say 'yes' to.
>
> I don't know anything about SEL, and in fact, only learned about its
> existence in this thread.
>
> I am, however, running a fairly secure LAN without it, because I use
> packet filtering and stateful packet inspection on my DSL modem/router,
> and pf on my OpenBSD web and mail servers, and the other usual
> precautions, like soft firewalls on Windows installations, that will not
> permit any unauthorised outbound traffic.
>
> If SEL is (as I suspect it would be) configurable, as opposed to being
> an 'all or nothing' solution, perhaps your best solution is to figure
> out how it might be configured, to deliver both security, and an
> Internet connection.
>
> I know that on OpenBSD, if pf is run in its default state, it blocks
> all inbound and outbound traffic... you have to then write rules allowing
> the connections you want. This is a much better strategy (starting with
> 'block all') and then writing rules that will over-ride the universal
> rule, than to start with 'allow all', and then write rules blocking the
> things that you don't want.
>
> --
> -wittig http://www.robertwittig.com/
> . http://robertwittig.net/
That all seems reasonable. What you said does give me at least an idea
of what might have happened (SEL blocking all connections). I hadn't
even considered that it would be configurable. It always just seemed
like something you turned on or turned off. I guess I'll do some
research today about where/how to configure it.
Thanks for all your help, Robert.
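
Added example, not part of the original thread: before deciding between disabled and configured, it helps to see what SELinux is actually refusing. SELinux records each refusal as an AVC "denied" line (in the audit log or syslog), and this sketch groups such lines by process, source type, target type, object class and permission. The sample records are constructed for illustration, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample records in the kernel's AVC denial format (not from the thread).
SAMPLE_LOG = '''\
type=AVC msg=audit(1154344680.101:41): avc:  denied  { read write } for  pid=1801 comm="dhclient" name="resolv.conf" dev=hda2 ino=98311 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1154344680.101:41): arch=40000003 syscall=5 success=no exit=-13 comm="dhclient"
type=AVC msg=audit(1154344682.377:44): avc:  denied  { write read } for  pid=1801 comm="dhclient" name="resolv.conf" dev=hda2 ino=98311 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1154344690.020:52): avc:  denied  { name_bind } for  pid=1922 comm="named" src=953 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1154344691.500:53): avc:  denied  { getattr } for  pid=2001 comm="gdm
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_denial(line):
    """Return (comm, source_type, target_type, class, perms) or None."""
    m = AVC_RE.search(line)
    if not m:
        return None  # not an AVC denial (e.g. a SYSCALL record)
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated record: skip it rather than guess
    perms = tuple(sorted(m.group("perms").split()))
    return (fields.get("comm", "?"), selinux_type(fields["scontext"]),
            selinux_type(fields["tcontext"]), fields["tclass"], perms)

def summarize_denials(log_text):
    """Count identical denials so repeated noise collapses to one row."""
    counts = Counter()
    for line in log_text.splitlines():
        denial = parse_denial(line)
        if denial:
            counts[denial] += 1
    return counts

def report(counts):
    """One readable line per distinct denial, most frequent first."""
    return ["%dx %s (%s) -> %s:%s {%s}" % (n, comm, src, tgt, cls, " ".join(perms))
            for (comm, src, tgt, cls, perms), n in counts.most_common()]

if __name__ == "__main__":
    print("\n".join(report(summarize_denials(SAMPLE_LOG))))
```

Each row names one process domain and one object it was refused, which is the unit at which SELinux policy is adjusted.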