Re: Why do I need SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Felipe Alfaro Solana wrote:
On 19 Feb 2005, at 18:14, David Cary Hart wrote:

I'm running production web, mail and FTP servers and I don't appreciate
the value of SELinux. Someone in the DShield list referred to this as
"protection for the tinfoil helmet set."

However, I do not NAT SSH nor Telnet. For that matter, the only ports
that are open are http, smtp, pop3 and ftp.


All of them are points of attack. SELinux can protect what they can do in case a hacker tries to exploit them. Also POP3 and FTP are considered insecure as they use plain-text logins. Also, POP3 usually runs as root in order to access user mailboxes.

Any program that uses root level access needs SELinux. I run httpd as apache:apache with no access to sudo and apache:apache has only access to the httpd directories.
--
James McKenzie
With assistance, Now running 2.6.11rc3, Software Suspend 2
and ibm-acpi .1
Need a home for my .rpm



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux