Re: Conflicted about SELinux; need advice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Marc Schwartz wrote:
> Ultimately, it is your call, but I would not use the "I am not running
> servers" argument as the basis for using or not using SELinux. More
> security is a good thing, even on a desktop.

Mind you, the default targeted policy might not buy you much on a
"normal" desktop.

http://fedora.redhat.com/docs/selinux-faq-fc3/ says:

# dhcpd, httpd (apache.te), named, nscd, ntpd, portmap, snmpd, squid,
# and syslogd [are protected].

A normal desktop shouldn't need httpd, named, or squid. Many of them
won't need portmap or snmpd. A solo desktop on dial-up probably won't
want dhcpd or ntpd (and almost certainly won't want portmap and snmpd).

That leaves syslogd, which shouldn't be open to the network in these
situations, and nscd. Which I've just realized I'm not even running...

James.
-- 
E-mail address: james | "Luck is my middle name," said Rincewind,
@westexe.demon.co.uk  | indistinctly. "Mind you, my first name is Bad."
                      |     -- Terry Pratchett, Interesting Times


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux