[lug] Re: SELinux

Sean Reifschneider jafo at tummy.com
Sun Mar 12 11:47:10 MST 2006


On Sat, Mar 11, 2006 at 03:12:42PM -0700, David L. Anselmi wrote:
>Really I'm curious what people are using SELinux for that make them 
>value it (and saying "I can't imagine a use for..." seems to be a pretty 
>good way to get replies ;-)

As I said before, the default setup of SELinux on FC4/CentOS seems to be
sufficient to prevent a lot of the HTTP-based attacks from getting traction
to get into the rest of the system.  That's a very useful thing for a
system running web apps because so many of them have holes.  The majority
of system compromises we are called in to clean up after seem to have been
done through web applications, so it's filling an important need.

Thanks,
Sean
-- 
 In the end, we will remember not the words of our enemies, but the silence
 of our friends.  -- Martin Luther King Jr.
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability




More information about the LUG mailing list