Securing FC 4
Paul Howarth
paul at city-fan.org
Mon Aug 22 06:51:11 UTC 2005
On Sun, 2005-08-21 at 14:57 -0400, AragonX wrote:
> <quote who="Paul Howarth">
> > I'd still say so. Unless one "security feature" is complete subset of
> > another one, using that feature should enhance security (i.e. the more
> > layers of defences the better).
> >
> > Regarding SELinux, I'd still try to get to grips with it if I was you
> > (if not now, as a longer-term project). It's actively supported in
> > Fedora and is only likely to get better and easier to manage as time
> > goes on. I found http://fedora.redhat.com/docs/selinux-apache-fc3/ to be
> > a very useful guide, including tips on customising policy.
>
> Well, since SELinux and LIDS both provide ACLs, they offer basically the
> same type of security. I do not believe it's possible or even reasonable
> to have two ACL systems at the same time.
>
> In addition to the problem with complexity, SELinux has licensing issues
> that make it less desirable. Check here:
>
> http://security.linux.com/security/05/03/11/2313226.shtml
Hmm, interesting!
Paul.
--
Paul Howarth <paul at city-fan.org>
More information about the fedora-list
mailing list