SELinux

Howard Gibson hgibson-MwcKTmeKVNQ at public.gmane.org
Sat Aug 16 03:35:19 UTC 2014


On Fri, 15 Aug 2014 23:21:10 -0400
Digimer <lists-5ZoueyuiTZiw5LPnMra/2Q at public.gmane.org> wrote:

> On 15/08/14 11:11 PM, Howard Gibson wrote:
> >     On my home computer and laptops, SELinux is a pain in the butt.
> >
> >     Who is protected by SELinux?  Does it protect the system from rogue users, or does it protect from external crackers?
> 
> Say you had a web service installed, maybe without realizing. Now assume 
> someone compromises that web interface while you enjoy a coffee at the 
> local $coffee_house. SELinux just saved you from the compromised apache 
> getting control of your system because the apache context isn't 
> allowed to touch system files.
> 
> etc.

Digimer,

   As a matter of fact, I do have a web server installed on both my desktop and my favourite laptop.  My desktop sits behind my firewall at home.  My laptop's firewall is set to allow nothing through.  I have even turned off ping.  I need to visit a Second Cup with it to verify that it passes True Stealth analysis at http://www.grc.com.  At a lot of sites, GRC seems to test the WiFi server, not me. 

   I can see that if I am administering work machines, particularly in a secure environment, I will have to debug some applications and file ACLs to keep the system running.  This protects me from rogue users.  There probably is no need for the users to try out multiple applications.  At home here, I want to. 

-- 
Howard Gibson 
hgibson-MwcKTmeKVNQ at public.gmane.org
howard.gibson-PadmjKOQAFnQT0dZR+AlfA at public.gmane.org 
jhowardgibson-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
http://home.eol.ca/~hgibson