[Wolves] Linux Security

[David Goodwin]

Simon C. Burke wrote:
> Hi all,
> 
> I recently acquired a Compaq CL380 that I'm currently upgrading and 
> making to a couple of servers, (I think two people may know from where I 
> acquired this server *looks at Chris and Dave*).

Is that me [Dave] ?
If Chris is involved, I can guess where it's from.

> 
> Are things like SELinux worthwhile? Or can the same effect be achieved 
> by hand per process? (would take an eon I know)
> 

My minimal experiences with SELinux (RHEL5 on a LAMP server) are that it 
can be a right pain in the bum and caused me enough grief to disable it. 
The theory behind it is great - but in my case, it seemed that it 
convienantly forgot the custom modifications I'd made to the SELinux 
policy after a random amount of time - causing the app to stop working.

You might also want to look at AppArmo[u]r

If you're really paranoid about security, I think using Gentoo with a 
kernel with the various PaX stuff enabled it probably the way to go - 
but this may cause other issues (i.e. if $customer expects to get 
support from someone like RedHat)

David.

-- 
David Goodwin

[ david at codepoets dot co dot uk ]
[ http://www.codepoets.co.uk       ]