Re: SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2005-01-09 at 07:53 +0100, Paul Howarth wrote:
> On Wed, 2005-08-31 at 22:23 -0700, CHAT KHODA wrote:
> > Dear friends,
> > As you know new versions of fedora are comming with
> > SELinux feature.I wonder to know whether it is a good
> > idea to enable this feature on a web-mail server or
> > not? .Somebody advised me ;this feature will cause
> > disturbing circumstances,but I wish to know if you
> > have any comment.
> 
> A web/mail server is exactly the type of application that SELinux works
> well with. You may have difficulty at first understanding it (read
> http://fedora.redhat.com/docs/selinux-apache-fc3/ for a good start) but
> it's worth the effort.

Beware that SELinux is designed to provide a higher level of 
security than the standard file system and access controls 
built in to the applications. More specifically if you have 
anything that uses sendmail directly rather than using SMTP 
you will have problems. If possible configure you PHP, PERL 
or other software to use SMTP on localhost rather than 
using sendmail directly, it will save you some headaches.

Overall I have only had few problems with RHEL4 and FC3 with 
SELinux enabled, and most were simple to work around, and 
left the system more secure in the process.



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux