-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/23/2016 09:52 AM, bruce wrote:
Hi.
In testing out creating/setting up remote droplets on digital ocean/fed (centos), I realize that it should be secured as much/tightly as possible. However, I also realize that if I screw something up, I could have an instance that has issues. I'm not a sys admin, and not trying to be one.
So, here's my question. If I'm going to be spinning up/down an instance, could I simply disable selinux? For my scenario, I'll be creating a base instance, with the required apps/processes, and then using that base instance for any testing droplets I need to create, to test my apps.
So, if I create an instance, spin it up, fire off my tests on the instance, run everything for a few hours, and then shut it off, would that be "reasonably safe/secure"?
My testing apps are a mix of python/php/perl/shell scripts, there's no web stuff as of yet. Although, there will be dns/nfs/mysql functionality.
Thanks for thoughts..
Sorry I'm late to the thread.
Bruce, I'd love your opinion on the "SELinux for Mere Mortals" talk from Red Hat Summit: https://www.youtube.com/watch?v=MxjenQ31b70
Disclaimer: it's a video of me, and I work for Red Hat.
I've gotten a lot of positive feedback on the video, and I hope that it will make your decision easier. It's only about an hour, and pretty much everyone who has watched it has said they'd use SELinux after watching it. I am clearly biased, but I would not run any internet-facing system without SELinux turned on. Heck, I don't run *any* system without it.
I hope this helps!
Thomas