On Sun, 2010-04-18 at 20:30 -0600, Tod Hansmann wrote:
> I do avoid selinux, because I have never seen much of a need for it.
> Always seems to cause problems with a load of things I want to do with
> my server and working through them, while not impossible by any means,
> takes more time than I want to spend on the minor security buffs it offers.

Red Hat publishes regular reviews of RHEL vulnerabilities, their severity, and how long it took for a fix to be released. An interesting pattern has emerged. All of the most critical vulnerabilities become either non-issues or significantly less important if SELinux is enabled. I consider that a significant advantage, not a "minor security buff".

http://magazine.redhat.com/2009/03/10/risk-report-four-years-of-red-hat-enterprise-linux-4/
http://www.google.com/search?q=red+hat+risk+report

--
"XML is like violence: if it doesn't solve your problem, you aren't using enough of it." - Chris Maden
