[TriLUG] Thoughts on SELinux - PIA or a good thing?

Matt Pusateri mpusateri at wickedtrails.com
Tue Mar 16 22:33:36 EDT 2010


Yeah, I don't know of anyone that runs it either; it's so hard to manage that I've never had time for the learning curve.  Plus I don't carry a chicken around to sacrifice...  Here's an interesting test: put SELinux in Warn mode, then go try to figure out from the logs all the things you'd have to fix and maintain. My guess is that you'll just disable it.  And your admins probably aren't going to be given the time to get over the learning curve, b/c it sounds like if they won't take the time to do the regression tests, then they're not going to take the time to make sure the admins can support SELinux properly.  But hey, I could be wrong :)

Matt P.

On Mar 16, 2010, at 9:25 PM, Ron Kelley wrote:

> Generally speaking, what do most people think about SELinux?  A colleague is reviewing some security auditing procedures that highly recommend using SELinux (he is running on CentOS 5.4 servers).  If they enable SELinux, they will have to do an entire regression test phase due to the potential effects of SELinux on their application (Ruby on Rails front-ended by Nginx).
> 
> 
> Normally, I disable SELinux and IPTables on my servers because they are all behind firewalls (and I only open the necessary ports).  
> 
> 
> What do you guys think?
> 
> -Ron
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ          : http://www.trilug.org/wiki/Frequently_Asked_Questions
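
For the test suggested in the reply above (log denials without enforcing them, then work out from the logs what would need fixing), a script like the following groups the AVC denial records in an audit log so that repeated denials collapse into one line each. This is an added example, not part of the original thread; the log lines are constructed, and the field layout is assumed to follow the usual `type=AVC` audit record format.

```python
import re
from collections import Counter

# Constructed sample audit.log lines (not from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1268793216.101:41): avc:  denied  { name_connect } for  pid=2301 comm="nginx" dest=3000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1268793217.552:42): avc:  denied  { name_connect } for  pid=2301 comm="nginx" dest=3000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1268793220.009:43): avc:  denied  { read getattr } for  pid=2410 comm="ruby" name="database.yml" dev=sda1 ino=91234 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1268793220.009:43): arch=c000003e syscall=2 success=yes exit=3 pid=2410 comm="ruby"
type=AVC msg=audit(1268793301.777:44): avc:  granted  { setenforce } for  pid=2500 comm="setenforce" scontext=root:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Matches denied AVC records only; granted records are deliberately skipped.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize_denials(log_text):
    """Count denials per (comm, source type, target type, class, perms)."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue                      # SYSCALL, PATH and other record types
        m = AVC_RE.search(line)
        if m is None:                     # granted, or a layout not covered here
            continue
        perms = tuple(sorted(m.group("perms").split()))
        key = (m.group("comm"), context_type(m.group("scon")),
               context_type(m.group("tcon")), m.group("tclass"), perms)
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for (comm, src, tgt, cls, perms), n in summarize_denials(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {comm:<8} {src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```

Each distinct line of output is one rule or relabeling decision to review, which gives a rough measure of the maintenance effort the thread is debating.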



