Re: Security basics

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Thu, 2007-10-04 at 00:26 +0100, Jonathan Underwood wrote:
> On 03/10/2007, Alan M. Evans <[email protected]> wrote:
> > Keep your SSH and your "real password" and sleep like a baby. As for me,
> > I won't trust SSH alone. I employ other methods, including rsa keys,
> > special iptables rules, and SELinux, to enhance the security of my
> > system. (For the record, I run SSH on the standard port, despite the
> > fact that I claim it would enhance security further.)
> >
> I'd be interested to know what SElinux policy changes you've
> implemented to add further security to sshd?

None, actually. Sorry if I was misunderstood. I merely mentioned SELinux
because I'm aware that Karl doesn't think it's useful and I do because
of the "layered security" model that I was discussing. Karl was saying,
in effect, that SSH and a "good" password were enough, and that's why I
was mentioning layered security.

In retrospect, it probably shouldn't have been lumped in with the rsa
keys and iptables rules.

(Also, Karl may not have anything against SELinux. I just made that
statement without researching the list history because in my mind I
lumped him in with the cabal of anti-SELinux guys. That impression may
be incorrect.)

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux