I agree it has value. I learned it. Do I use it? Rarely. We use it on non control panel servers.
Jason Sent from my iPhone > On Oct 26, 2014, at 1:16 PM, jill <li...@bespokess.com> wrote: > > I would disagree on this point. Without getting into a debate over how/if it > works with cPanel, which I've never used, selinux absolutely has value. Well > beyond "if you're bored or taking a cert exam". A lot of people did say to > just disable it when it was new and seemed like to much effort to learn and > we have lingering remains of that in blog posts and docs here and there. And > no, not every workload in the world requires it. But that's a heck of a > kneejerk reaction to take without actually considering the technology and > where/if it fits for you. > > selinux does have an initial learning bump of getting used to thinking in > terms of access control beyond file ACLs and iptables, but it's not voodoo > and it is used very extensively and effectively in the real world. For > running an isolated dev environment like your initial question I'd say run it > in permissive (not disabled) because that way it won't stop you doing > anything but you can still see from audit.log what would/would not have > happened and use that to learn from if you are so inclined. > > You wouldn't disable iptables on external facing servers just because you had > an ASA in front of them (I hope). Same thing. Don't disregard a tool just > because you also have another, different one, especially for security. > > Jill > > >> On 2014-10-26 17:54, Keith Smith wrote: >> >> Probably not going to spend any time learning selinux then. >> >> >>> On 2014-10-26 12:52, Sesso wrote: >>> We have over 2000 servers and 0 have selinux enabled. I guess you >>> could understand it if you got bored or you wanted take a RHCE test. >>> >>> Sent from my iPhone >>> >>>> On Oct 26, 2014, at 10:29 AM, Keith Smith <techli...@phpcoderusa.com> >>>> wrote: >>>> >>>> >>>> No cpanel. It is a LAMP testing server running in VirtualBox. I was >>>> wondering if I should spend the time to understand selinux. If it is >>>> not used on production vhost servers than I will not spend the time. >>>> >>>> Thanks!! >>>> Keith >>>> >>>> >>>>> On 2014-10-26 12:15, Sesso wrote: >>>>> I guess it depends on what you are doing with it. Are you running >>>>> CPanel ? We disable it on all of ours. >>>>> Sent from my iPhone >>>>>> On Oct 26, 2014, at 9:41 AM, Keith Smith <techli...@phpcoderusa.com> >>>>>> wrote: >>>>>> Hi, >>>>>> I am configuring a CentOS 7 LAMP server in a virtualbox. >>>>>> I always disable selinux on my private dev servers. I read I should >>>>>> leave selinux enforcing. I am not configuring anything public so >>>>>> either way I'm sure I am safe. I was just wondering if selinux >>>>>> should be left enforcing. >>>>>> Thanks! >>>>>> Keith >>>>>> -- >>>>>> Keith Smith >>>>>> --------------------------------------------------- >>>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>>>>> To subscribe, unsubscribe, or to change your mail settings: >>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >>>>> --------------------------------------------------- >>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>>>> To subscribe, unsubscribe, or to change your mail settings: >>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >>>> >>>> -- >>>> Keith Smith >>>> --------------------------------------------------- >>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>>> To subscribe, unsubscribe, or to change your mail settings: >>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >>> --------------------------------------------------- >>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>> To subscribe, unsubscribe, or to change your mail settings: >>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >> >> -- >> Keith Smith >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
