Re: SElinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, Apr 02, 2006 at 08:08:42PM -0300, Jacques B. wrote:

> > I see your point - that there are levels of system
> > administrators...those that invest the time and energy into obtaining
> > the knowledge necessary to maintain their systems and those that rely on

Dude, it's a trade off. Is the time worth the added security?

> > point and click tools and where lacking the point and click tools and
> > the knowledge, opt out for expedience.

Where did "point and click" come from?

> > I agree that many opt out for expedience...too bad. Something inside
> > tells me that many of these people chide Windows systems for a lack of
> > security but I digress.

You're making some leaps in reasoning here.
 
> I'm not a sysadmin (but hope to develop my skills and become one in my
> next life).  But I can see why a sysadmin would want a user friendly
> interface and abundant (and clear) documentation to manage all aspects
> of SELinux.  I can imagine that many sysadmins are quite busy as it
> is.  Trying to wrap their heads around SELinux may be a challenge. 
> Certainly not rolling out security features for a customer could come
> back and bit us.  But also not being able to maintain the customer's
> system running smoothly (or can't get certain parts working at all)
> without investing more time than is available in a day is no doubt not
> an option for some sysadmins.  And if the downed system is costing the
> customer considerable loss of revenue then getting it up and running
> ASAP may be the first priority, not getting it up and running with
> maxium security features implemented.  Security is an afterthough in
> some cases, and of lesser concern unless it impacts the bottom line. 
> I suspect not many sales managers would tell you to take an extra 1/2
> day or longer to trouble shoot an application issue before resuming
> online sales if it can be resolved in a matter of seconds by simply
> disabling that application.  Risks vs benefits as it relates to the
> bottom line.
> 
> I may be totally off the mark here.  But that's my best guess at what
> some sysadmins are likely dealing with and why mastering SELinux is
> not a priority for them (or more accurately for their company).

SELinux has no business running on a user desktop (=kitchensink) 
if the policy is not well maintained. Things like RSBAC/grsecurity/SELinux+PaX
can be useful on a server.

-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Attachment: signature.asc
Description: Digital signature

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux