On Sat, 2005-02-19 at 17:03 +0000, Timothy Murphy wrote:
Rahul Sundaram wrote:
I've skimmed through the two references above, and remain unconvinced that SELinux has anything to offer me, a fairly standard home Linux user.
I'm running production web, mail and FTP servers and I don't appreciate the value of SELinux. Someone in the DShield list referred to this as "protection for the tinfoil helmet set."
However, I do not NAT SSH or Telnet. For that matter, the only ports that are open are http, smtp, pop3 and ftp.
David and Rahul:
Do you allow 'home' user access through httpd or ftpd? Then you should consider Security Enhanced Linux (SELinux). If you have locked down your system or do not offer any of the 'standard' services, you don't. I suggest not using the highest level of SELinux but using the targeted level instead, if you decide to use SELinux. I had it enabled, but disabled it after reading a lengthy article because I modified IPTables to disable SSH to the world but to restrict it to only localhost.
--
James McKenzie
With assistance, Now running 2.6.11rc3, Software Suspend 2
and ibm-acpi .1
Need a home for my .rpm