Why do I need SELinux?
James McKenzie
jjmckenzie51 at earthlink.net
Sat Feb 19 20:37:11 UTC 2005
Felipe Alfaro Solana wrote:
> On 19 Feb 2005, at 18:14, David Cary Hart wrote:
>
>> I'm running production web, mail and FTP servers and I don't appreciate
>> the value of SELinux. Someone in the DShield list referred to this as
>> "protection for the tinfoil helmet set."
>>
>> However, I do not NAT SSH nor Telnet. For that matter, the only ports
>> that are open are http, smtp, pop3 and ftp.
>
>
> All of them are points of attack. SELinux can protect what they can do
> in case a hacker tries to exploit them. Also POP3 and FTP are considered
> insecure as they use plain-text logins. Also, POP3 usually runs as root
> in order to access user mailboxes.
>
Any program that uses root level access needs SELinux. I run httpd as
apache:apache with no access to sudo and apache:apache has only access
to the httpd directories.
--
James McKenzie
With assistance, Now running 2.6.11rc3, Software Suspend 2
and ibm-acpi .1
Need a home for my .rpm
More information about the users
mailing list