Re: How secure is Fedora without SELinux ?
On Wed, Aug 13, 2008 at 06:43:36PM +0530, Rahul Sundaram wrote: David Jansen wrote: How secure is a current Fedora (9) system without SELinux? Of course it is less secure than the same system with SELinux enabled, but is it still at the same level of security as any other Linux distribution that doesn't come with SELinux enabled? or are there packages that depend on SELinux for their security, eg services that run as root on Fedora in stead of as an unpriviledged user, assuming that SELinux takes care of limiting root to what the service is supposed to do? SELinux is a additional security layer above and beyond the regular security features. Nothing in Fedora would solely rely on SELinux to provide the basic security. http://fedoraproject.org/wiki/Security/Features Rahul Thanks for the quick and useful answer! David -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: How secure is Fedora without SELinux ?
On Wed, Aug 13, 2008 at 8:00 AM, David Jansen [EMAIL PROTECTED] wrote: How secure is a current Fedora (9) system without SELinux? Of course it is less secure than the same system with SELinux enabled, but is it still at the same level of security as any other Linux distribution that doesn't come with SELinux enabled? or are there packages that depend on SELinux for their security, eg services that run as root on Fedora in stead of as an unpriviledged user, assuming that SELinux takes care of limiting root to what the service is supposed to do? (my actual problem was a machine running a web- and mailserver with lots of software that doesn't come from Fedora repositories, eg Joomla and other web applications, where I haven't managed to figure out how to make those things work together with SELinux) I can tell you from experience... especially for these things that run on the public internet, put in the time to get SELinux to work. This may include rolling your own policies IF the things you are running are of such a variety. As time passes by, the likelyhood that SELinux saves your ass increases. -- Fedora 7 : sipping some of that moonshine ( www.pembo13.com ) -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: How secure is Fedora without SELinux ?
David Jansen wrote: How secure is a current Fedora (9) system without SELinux? Of course it is less secure than the same system with SELinux enabled, but is it still at the same level of security as any other Linux distribution that doesn't come with SELinux enabled? or are there packages that depend on SELinux for their security, eg services that run as root on Fedora in stead of as an unpriviledged user, assuming that SELinux takes care of limiting root to what the service is supposed to do? SELinux is a additional security layer above and beyond the regular security features. Nothing in Fedora would solely rely on SELinux to provide the basic security. http://fedoraproject.org/wiki/Security/Features Rahul -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: How secure is Fedora without SELinux ?
On Wed, Aug 13, 2008 at 5:00 AM, David Jansen [EMAIL PROTECTED]wrote: (my actual problem was a machine running a web- and mailserver with lots of software that doesn't come from Fedora repositories, eg Joomla and other web applications, where I haven't managed to figure out how to make those things work together with SELinux) I would encourage you to seek assistance from a communication channel such as a list or irc or forum to selinux issues before giving up on it. A web services situation running lots of...different codebases...potentially opens you up to more avenues of attack...that selinux is meant to help prevent. Once you find the right selinux community to ask, you might find that you can fix the context problems you are having with small changes to where your application files are housed on disk..without even building your own policy. -jef -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list