similar to: SELinux - way of the future or good idea but !!!

hi Just wondering if there is any statiscs report of selinxu usages in production environment? I know some still turn it off. thanks. min

http://wiki.centos.org/HowTos/SELinux says: "Access is only allowed between similar types, so Apache running as httpd_t can read /var/www/html/index.html of type httpd_sys_content_t." however the doc doesn't define what "similar types" means. I assumed it just meant "beginning with the same prefix". However that can't be right because on my system with

Are there existing rpms for courier mta? I am working from: http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 And am making progress with postfix and mysql, but looking ahead to other steps. I see squirrelmail is in EPEL.

Hello all, I've played with both Zimbra and Scalix and they seem quite nice and do pretty much what I want. I'm now at the point where I am considering retiring my trusty old courier-imap service in favour of one of these two, unless of course anyone has any other recommendations or suggestions. I'd probably be doing this inside a centos 4.4 Xen VMs running on centos 5 when it comes

> > The best thing to do is add this to /etc/selinux/config > > SELINUX=disabled > > And then get on with the real jobs.... > Listening to all the pros and cons of SELinux. I'd like to improve the security of our regional web server using SELinux. We have a main regional web site and several virtual domains, kept up by private users, all on the same server. Some of

There's an article on slashdot about the Duqu team wiping all their intermediary c&c servers on 20 Oct. Interestingly, the report says that they were all (?) not only linux, but CentOS. There's a suggestion of a zero-day exploit in openssh-4.3, but both the original article, and Kaspersky labs (who have a *very* interesting post of the story) consider that highly unlikely, and the

A machine I set up to run OpenNMS stopped working last night - no hardware alarm lights, but keyboard/monitor/network unresponsive. After a reboot I see a large stack of messages like this in /var/log/messages: ---- Aug 20 14:02:34 opennms-h-03 python: SELinux is preventing /usr/sbin/monitor-get-edid-using-vbe from mmap _zero access on the memprotect . ***** Plugin mmap_zero (53.1 confidence)

Hello Everyone, I was using OpenGroupware but just hosed my system. Since I'm starting from scratch I would like to know what everyone's using for web based mail. I currently implemented cyrus-imapd and postfix which I used before. I was going to give dovecot a try but it wouldn't start even though it was supposed to be easier. I would like to move my postfix to a chroot but have

On Mon, Mar 2, 2015 at 4:43 PM, Tim Dunphy <bluethundr at gmail.com> wrote: >> >> errr, I meant, sftp, not rscp > > > Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow > regular ol' FTP using SELinux? Or does that just defeat the purpose of > having a secure SELlinux server entirely? What is the context here? The big problem

On Wed, Apr 15, 2015 at 6:48 PM, Matthew Miller <mattdm at mattdm.org> wrote: > On Wed, Apr 15, 2015 at 05:31:52PM -0500, Les Mikesell wrote: >> Thanks - I can see how those would work once you understand what is >> broken on the target system and why, but is there a way that programs >> 'should' be written to run with/without systemd? That just happened

Hello, After a yum update last night, I had a CenOS 5.4 i386 system pull in the following selinux updates: Jan 07 21:39:14 Updated: selinux-policy-2.4.6-255.el5_4.3.noarch Jan 07 21:39:31 Updated: selinux-policy-targeted-2.4.6-255.el5_4.3.noarch This machine has SELinux set to Enforcing. This morning, I see I got the following email from Cron: /etc/cron.daily/0logwatch: sendmail: warning:

If I boot a 5.7 install disk with 'linux rescue selinux=0', let it start the network and detect the installed system, ssh seems to work, but rsync fails with "rsync: connection unexpectedly closed (0 bytes received so far) [receiver]). Shouldn't it work as long as the underlying ssh connection works? It doesn't prompt for the ssh password and using -essh doesn't change

Hi, I admit I never gave security that much thought, that is, except the most basic security rules like choosing good passwords, or reasonable file and directory permissions. But now I have to change that, since I'll soon have to setup a dedicated production server for our public libraries. I wonder where to begin. I would say first thing is get a series of "auditing" tools

At the risk of angering the crash Gods, my sustem has NOT crashed again since I downgraded the kernel from 2.6.18-1.2239.fc5 to 2.6.18-1.2200.fc5. Given that newfound stability, and my lack of time, I'm going to put on hold any further diagnostics, until the next kernel revision is released. I have submitted a report at bugzilla.redhat.com (bug 218128). (Ah, nuts; accidentally created a

Last week I had a hard disk failure on my CentOS server. I managed to re-install CentOS on a new disk. I have the old mysql databases from /var/lib/mysql . Can I just move them to my new disk? Any help or suggestions gratefully received. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland

I have a serious privileges problem that is making it impossible to serve python pages on a CentOS server. I have tried to resolve this problem in my last post, but now it appears that interest has petered out. I'm desperate and hoping someone on this list can help. [Fri Nov 06 11:50:40 2009] [error] [client 66.248.168.98] (2)No such file or directory: exec of

On Wed, Apr 15, 2015 at 9:00 PM, John R Pierce <pierce at hogranch.com> wrote: > On 4/15/2015 6:52 PM, Les Mikesell wrote: >> >> Mostly I'm interested in avoiding surprises and having code that isn't >> married to the weirdness of any particular version of any particular >> distribution. And I found this to be pretty surprising, given that I >> could

Hey guys, For some reason I can't seem to enable SELinux on this one host. Here's my SELinux config file: [root at beta-new:~] #cat /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. #

What's the correct response to a security scan that points out that apache versions below 2.2.14 have multiple known vulnerabilities? Is there an official document about what known vulnerabilities have been fixed in the RHEL/CentOS updates or do you have to wade through the changelog to try to find each thing? -- Les Mikesell lesmikesell at gmail.com

On Wed, Sep 23, 2020 at 05:57:50PM +0200, Pino Toscano wrote: > Do not attempt to relabel a guest in case its SELinux enforcing mode is > not "enforcing", as it is either pointless, or it may fail because of an > invalid policy configured. > --- > mlcustomize/SELinux_relabel.ml | 26 +++++++++++++++++++++++++- > 1 file changed, 25 insertions(+), 1 deletion(-) >