LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

October 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS October 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Is removing selinux a bad idea?
From:	Jeff Siddall <[log in to unmask]>
Reply To:	Jeff Siddall <[log in to unmask]>
Date:	Fri, 21 Oct 2011 10:49:47 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (24 lines)

On 10/20/2011 10:30 PM, Todd And Margo Chester wrote:
> Hi All,
>
> I have always found selinux a pain in the neck, and in
> past have just removed it to get my stuff working.
>
> Question: what are the ramifications of just removing
> selinux from SL 6.1? Is selinux worth the effort?
>
> Many thanks,
> -T

It _is_ a pain in the neck and that fact alone is evidence that it is 
helping protect your system.

I leave it enabled on any machine that listens on the internet or that 
is publicly accessible.  However, you will certainly need to get 
friendly with sealert, audit2allow etc. and create custom policies to 
get some things working.

It's not really that hard and IMO worth the extra effort.

Jeff

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV