On 7/24/07, Wayne Betts <[log in to unmask]> wrote:
> Brett Viren wrote:
> And to answer the original question of this thread...  I'm on the fence
> about the value of selinux.  Linux was already pretty darn "securable"
> -- selinux seems to add unintuitive complexity for all but the die hard
> admins that will likely cause much grief in exchange for few if any
> "saves", but over time the balance will shift in its favor as more
> people become comfortable with it.  If someone has an anecdote of how
> selinux saved the day at some point, please share it!
>

Most of my saved the days are from a sister lab :). THe places where I
found it useful was where webserver had a PHP program installed for a
'summer' project and then forgotten. Our sensors were showing some
'odd' traffic to the server and we went to look at it. In the end, the
box was found to be ok, because none of the exploits could be run from
Selinux blocks. If the exploits had been run, there would have been
some bad issues because the box hadn't been updated since the project
had ended.


-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"