Any program that uses root level access needs SELinux. I run httpd as apache:apache with no access to sudo and apache:apache has only access to the httpd directories.On 19 Feb 2005, at 18:14, David Cary Hart wrote:
I'm running production web, mail and FTP servers and I don't appreciate the value of SELinux. Someone in the DShield list referred to this as "protection for the tinfoil helmet set."
However, I do not NAT SSH nor Telnet. For that matter, the only ports that are open are http, smtp, pop3 and ftp.
All of them are points of attack. SELinux can protect what they can do in case a hacker tries to exploit them. Also POP3 and FTP are considered insecure as they use plain-text logins. Also, POP3 usually runs as root in order to access user mailboxes.
--
James McKenzie
With assistance, Now running 2.6.11rc3, Software Suspend 2
and ibm-acpi .1
Need a home for my .rpm
