> I note you neglected to include and comment on the fact that if a box is > taken it *is* taken and theres not a thing selinux can do shit about it, > sure selinux might be all dandy for some cluless tart who has nfi about For a large number of cases SELinux in the basic setup will stop an exploit getting from something like core dumping the web server to executing arbitary code. Thats a big help. There are also cases it won't help you. It really comes into its own when you do custom setups for highly secure systems but that isn't a shippable generic policy and most users would certainly hate such a locked down box. > securing their pc and is directly connected to the net, but to large > ISP's its a complete hinderance and nuisance, but since we have ceased use I know several large ISP's who use SELinux extensively. > of all RH products as servers as at EOL of RH9 (the last decent RH > released product) and moved them all to slackware, we dont have any > problem, tried earlier fedoras, but that was never going to last with so > little update maintenance time frames and instability and unreliability Fedora isn't really intended for back end highly reliable boring server jobs, thats RHEL, Centos, SLES etc. Its intended to be current, usable and dynamic. If you like slackware, use it. If you don't like Fedora nobody is making you run it or sit on the list.
