Hi Yasha,

2011/11/15 Yasha Karant <[email protected]>
> [...]
> Although SL follows TUV, supposedly El Repo and some of the other
> repositories actually are willing to fix the bugs in the TUV distribution
> or to add vital functionality (such as additional device drivers for
> hardware not supported by TUV), perhaps one of these other EL compatible
> repositories will fix this issue?
>

I don't think that the SL team or any other team has the manpower to fix RHEL bugs or, even more important, to test them. It's one thing to fix a bug in a specific environment but a completely different story to do the same for the whole installation base. Without complex automated test units it is nearly impossible.

> [...]
> As an aside following onto your "stone" comment, I do not recommend
> SELinux to most of my students for most situations; for
> professional/commercial use as a server, I recommend an appropriate
> (generally "high") throughput stateful inspecting dedicated hardware
> firewall defending the server -- unfortunately, an expensive solution.
>

This is off-topic for SL but an IDS is also senseless without a complete strategy. From my point of view this means: start to strip down the OS to the necessary services, don't allow users on OS level (users should only reside in the application service), use CM, orchestration and other security and controls to ensure that the possible vulnerabilities in the local landscape stay small.

Regards,
Thomas

--
Linux ... enjoy the ride!
