Who would / Who wouldnt need to run SELinux? I have linux server at home. Would I need to run SELinux? What are the advantages of SELinux? What is the average home user doing?
On Tue, 2006-04-04 at 23:15 -0500, Chris Weisiger wrote:> Who would / Who wouldnt need to run SELinux? > > I have linux server at home. Would I need to run SELinux? > > What are the advantages of SELinux? > > What is the average home user doing?---- it's an extra layer of security. You of course can shut it off or you can work through any 'blocks' that it creates that keep you from doing some things. It's up to you. It would appear that most on this list shut it off, judging only by the relatively few SELinux questions on this list. I would think that the 'average home user' is more likely to run Fedora than CentOS because the desktop applications are much newer. Craig
On Tue, 2006-04-04 at 23:15 -0500, Chris Weisiger wrote:> Who would / Who wouldnt need to run SELinux? > > I have linux server at home. Would I need to run SELinux? > > What are the advantages of SELinux? > > What is the average home user doing?http://www.redhat.com/v/swf/SELinux/ -- Ignacio Vazquez-Abrams <ivazquez at ivazquez.net> http://centos.ivazquez.net/ gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 191 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20060405/254818c2/attachment-0001.sig>
On Tue, 2006-04-04 at 23:15 -0500, Chris Weisiger wrote:> Who would / Who wouldnt need to run SELinux?On servers it is useful as an extra line of defense. I have it enabled on my workstation-ish machines, because it hasn't got too much in the way. Of course, YMMV.> I have linux server at home. Would I need to run SELinux?I guess that it is up to your own judgement. If the server is only used internally and is not connected to the net, tuning SELinux for your goals may not be worth the hassle. If the server provides services to the outside world, it is seriously worth considering to use SELinux. E.g. a fairly standard webserver usually requires only little modification to the default policies. The upstream vendor's "SELinux Guide" helped me a lot with making smaller modifications: http://www.centos.org/docs/4/html/rhel-selg-en-4/> What is the average home user doing?Most home users that I have seen disable SELinux. Of course, there is a difference between "is" and "ought". -- Daniel
Chris Weisiger wrote:> Who would / Who wouldnt need to run SELinux? > > I have linux server at home. Would I need to run SELinux? > > What are the advantages of SELinux? > > What is the average home user doing? >Up to you. I imagine the average home user does not run SELinux if it gets in their way, but does if the setup is easy. Just a guess though. If you are worried about security, I would check out Bastille http://www.bastille-linux.org/running_bastille_on.htm , and Firestarter http://www.fs-security.com/. Bastille changes some of the CentOS default settings to more secure values, firestarter is an iptables front end that will allow you to easily block outgoing ports and ban IP subnets (two things system-config-security can not do).