Conflicted about SELinux; need advice

James Wilkinson james at westexe.demon.co.uk
Mon Nov 15 23:18:44 UTC 2004


Marc Schwartz wrote:
> Ultimately, it is your call, but I would not use the "I am not running
> servers" argument as the basis for using or not using SELinux. More
> security is a good thing, even on a desktop.

Mind you, the default targeted policy might not buy you much on a
"normal" desktop.

http://fedora.redhat.com/docs/selinux-faq-fc3/ says:

# dhcpd, httpd (apache.te), named, nscd, ntpd, portmap, snmpd, squid,
# and syslogd [are protected].

A normal desktop shouldn't need httpd, named, or squid. Many of them
won't need portmap or snmpd. A solo desktop on dial-up probably won't
want dhcpd or ntpd (and almost certainly won't want portmap and snmpd).

That leaves syslogd, which shouldn't be open to the network in these
situations, and nscd. Which I've just realized I'm not even running...

James.
-- 
E-mail address: james | "Luck is my middle name," said Rincewind,
@westexe.demon.co.uk  | indistinctly. "Mind you, my first name is Bad."
                      |     -- Terry Pratchett, Interesting Times
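
To repeat the check made in the message above on a given machine, this added example (not part of the original post) lists which of the daemons named in the FAQ excerpt are actually running and the SELinux domain each runs in. It parses `ps -eZ` output; the sample process list is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Daemons the FC3 SELinux FAQ excerpt above lists as protected
# by the targeted policy.
TARGETED="dhcpd httpd named nscd ntpd portmap snmpd squid syslogd"

# Read `ps -eZ` style lines (LABEL PID TTY TIME CMD) on stdin and print
# "command domain" once for each running command that is in $TARGETED.
targeted_running() {
    awk -v list="$TARGETED" '
        BEGIN {
            n = split(list, names, " ")
            for (i = 1; i <= n; i++) want[names[i]] = 1
        }
        NR == 1 && $1 == "LABEL" { next }   # skip the ps header line
        {
            split($1, ctx, ":")             # context is user:role:type[:level]
            cmd = $NF                       # last column is the command name
            if ((cmd in want) && !seen[cmd]++) print cmd, ctx[3]
        }'
}

# Constructed sample of `ps -eZ` output for a desktop with no servers
# enabled (not captured from a real system).
sample_ps() {
    cat <<'EOF'
LABEL                             PID TTY          TIME CMD
user_u:system_r:unconfined_t        1 ?        00:00:00 init
user_u:system_r:syslogd_t        1843 ?        00:00:00 syslogd
user_u:system_r:unconfined_t     1902 ?        00:00:00 cupsd
user_u:system_r:unconfined_t     2011 ?        00:00:00 sshd
user_u:system_r:unconfined_t     2250 pts/0    00:00:00 bash
EOF
}

# On the sample, only syslogd is both running and covered by the policy.
sample_ps | targeted_running
```

On a live system, feed it real data with `ps -eZ | targeted_running`; an empty result means none of the listed daemons is running.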



