Why do I need SELinux?

Felipe Alfaro Solana lkml at mac.com
Sat Feb 19 20:01:51 UTC 2005


On 19 Feb 2005, at 18:14, David Cary Hart wrote:

> I'm running production web, mail and FTP servers and I don't appreciate
> the value of SELinux. Someone in the DShield list referred to this as
> "protection for the tinfoil helmet set."
>
> However, I do not NAT SSH nor Telnet. For that matter, the only ports
> that are open are http, smtp, pop3 and ftp.

All of them are points of attack. SELinux can protect what they can do 
in case a hacker tries to exploit them. Also POP3 and FTP are 
considered insecure as they use plain-text logins. Also, POP3 usually 
runs as root in order to access user mailboxes.




More information about the fedora-list mailing list