I would disagree on this point.  Without getting into a debate over how/if it 
works with cPanel, which I've never used, selinux absolutely has value.  Well 
beyond "if you're bored or taking a cert exam".  A lot of people did say to 
just disable it when it was new and seemed like too much effort to learn and we 
have lingering remains of that in blog posts and docs here and there.  And no, 
not every workload in the world requires it.  But that's a heck of a kneejerk 
reaction to take without actually considering the technology and where/if it 
fits for you.

selinux does have an initial learning bump of getting used to thinking in terms 
of access control beyond file ACLs and iptables, but it's not voodoo and it is 
used very extensively and effectively in the real world.  For running an 
isolated dev environment like your initial question I'd say run it in 
permissive (not disabled) because that way it won't stop you doing anything but 
you can still see from audit.log what would/would not have happened and use 
that to learn from if you are so inclined.

You wouldn't disable iptables on external facing servers just because you had 
an ASA in front of them (I hope).  Same thing.  Don't disregard a tool just 
because you also have another, different one, especially for security.

Jill


On 2014-10-26 17:54, Keith Smith wrote:
> 
> Probably not going to spend any time learning selinux then.
> 
> 
> On 2014-10-26 12:52, Sesso wrote:
> > We have over 2000 servers and 0 have selinux enabled. I guess you
> > could understand it if you got bored or you wanted to take a RHCE test.
> > 
> > Sent from my iPhone
> > 
> >> On Oct 26, 2014, at 10:29 AM, Keith Smith <[email protected]> 
> >> wrote:
> >> 
> >> 
> >> No cpanel.  It is a LAMP testing server running in VirtualBox.  I was 
> >> wondering if I should spend the time to understand selinux.  If it is 
> >> not used on production vhost servers then I will not spend the time.
> >> 
> >> Thanks!!
> >> Keith
> >> 
> >> 
> >>> On 2014-10-26 12:15, Sesso wrote:
> >>> I guess it depends on what you are doing with it. Are you running
> >>> CPanel ? We disable it on all of ours.
> >>> Sent from my iPhone
> >>>> On Oct 26, 2014, at 9:41 AM, Keith Smith <[email protected]> 
> >>>> wrote:
> >>>> Hi,
> >>>> I am configuring a CentOS 7 LAMP server in a virtualbox.
> >>>> I always disable selinux on my private dev servers.  I read I should 
> >>>> leave selinux enforcing.  I am not configuring anything public so 
> >>>> either way I'm sure I am safe.  I was just wondering if selinux 
> >>>> should be left enforcing.
> >>>> Thanks!
> >>>> Keith
> >>>> --
> >>>> Keith Smith
> >>>> ---------------------------------------------------
> >>>> PLUG-discuss mailing list - [email protected]
> >>>> To subscribe, unsubscribe, or to change your mail settings:
> >>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >> 
> >> --
> >> Keith Smith
> 
> -- 
> Keith Smith
> 
> 


---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
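
The audit.log review suggested in the reply above (run permissive, then read what would have been denied), as an added example that is not part of the original thread. The log lines are constructed samples, and the function names are hypothetical; the script groups AVC denials by source type, target type and object class, and separates denials that were only logged (`permissive=1`) from ones that were enforced.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format (not from a real host).
# The first AVC is written as if logged while enforcing, the rest while permissive.
SAMPLE_LOG = '''\
type=AVC msg=audit(1414360000.101:201): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.php" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1414360000.101:201): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1414360300.442:260): avc:  denied  { read open } for  pid=2188 comm="httpd" name="index.php" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1414360301.007:261): avc:  denied  { name_connect } for  pid=2188 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
'''

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value pairs
PERMS_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')  # { perm perm ... }
MODES = {"1": "logged_only", "0": "blocked"}           # value of permissive=


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def summarize_denials(log_text):
    """Group AVC denials by (source type, target type, object class)."""
    groups = defaultdict(
        lambda: {"perms": set(), "logged_only": 0, "blocked": 0, "unknown": 0})
    for line in log_text.splitlines():
        perms = PERMS_RE.search(line)
        if not line.startswith("type=AVC") or not perms:
            continue  # skip SYSCALL and other record types
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        key = (selinux_type(fields["scontext"]),
               selinux_type(fields["tcontext"]), fields["tclass"])
        groups[key]["perms"].update(perms.group(1).split())
        # Records without a permissive= field are counted as "unknown".
        groups[key][MODES.get(fields.get("permissive"), "unknown")] += 1
    return dict(groups)


if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize_denials(SAMPLE_LOG).items()):
        print(f"{src} -> {tgt}:{cls} {sorted(g['perms'])} "
              f"logged_only={g['logged_only']} blocked={g['blocked']}")
```
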
