discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Tully Gray <tullygray AT arc.net.au>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] Security Management
- Date: Mon, 07 May 2012 19:44:54 +1000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Brian Koontz wrote:
>
> To be truthful, the first thing I do is disable selinux...because it
> seems like a never-ending battle to create the acls necessary that
> every application seems to need. I do run *all* my outward-facing
> services under chroot.
>
> --Brian
>
Hi,
I don't use SELinux but rather the RBAC rules from GRsecurity.
However I tend to agree with your assessment; RBAC rules can be
tedious to maintain too. I guess that if OpenNIC were a large security
focused company then it would be possible to employ people whose
job it was to maintain such rules. SELinux and GRsecurity based
Linux systems can be configured in a manner that doesn't make full
use of all their features, which makes the job somewhat easier.
Tully Gray.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
iQIcBAEBAgAGBQJPp5mSAAoJEKNjRVNXXwT+ZbgP/1+fDO0lps2hFt3Y6BfkOfOM
QXEyD7u2RsCUuZzi4KFjxXy/JOJorH5Ui7S/nLfo99HNgVciBI/dCRTOV0XOJzoc
sRwdjisbIHCHKA1/GPtuN8RzQ2vhPzZ+DjajLolUUWWXPSz7kDcMEoQxfvGNK41M
HT5izVB6/lFpYNVDrcEe/5qCUAnjuu0PG6TzqJfHMFPLKVPsMIU5h4+9vqOK6MRv
3mpK3BeHlfhLj5ooUPRf+Y/a3D2N5xAG76CI6wdhGt/RIUgu6VXVzjPODCLh9w6f
PVQA3A1HF4Od4pT2U1WsloArLBdWYSVYpnCOEeAcQTo2MGJmOeV0LJDmTIR/n8GB
bmCdNxE4zIJxmIzF5Kc7sSFGA/+tnelCxeDFIcbkd8sk167QdHfzYDpzd6kbS0bR
fetJ+SrcttBs3e+R29xnEucukJozM+FGJPDZhWcBeS3bCLXaWkTYsOdD6hEezJFg
LtKgj1+tWBgdxgWrVIQadmjoS6Z4Rk9Iu3ISpxZdymviBJjOnSN+Z9ySH7dnqvSF
cN/xJzSx3ed/GJh2YUmEEkaEsRjH3n+ske2pwHNyL57mrkxKNJFEkwYkegasyQ0g
kn/W4pC0tIALEDgZFxPm+uScPPz2PWM0oDaxl/aljQsppHdOVAFOkHV+muDqwHmz
guunFTbqFhEayzb4UntR
=Yk6z
-----END PGP SIGNATURE-----
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, (continued)
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Dale, 05/03/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, webmaster, 05/03/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Alex, 05/03/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Brian Koontz, 05/03/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Alex, 05/03/2012
- [opennic-discuss] OpenNIC Security Management, josen, 05/05/2012
- Re: [opennic-discuss] Security Management, Falk Husemann, 05/05/2012
- Re: [opennic-discuss] Security Management, Jeff Taylor, 05/05/2012
- Re: [opennic-discuss] Security Management, Tully Gray, 05/06/2012
- Re: [opennic-discuss] Security Management, Brian Koontz, 05/06/2012
- Re: [opennic-discuss] Security Management, Tully Gray, 05/07/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Daniel L, 05/02/2012
- Re: Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, webmaster, 05/02/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Alex Hanselka, 05/02/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Alex, 05/02/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Brian Koontz, 05/03/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Falk Husemann, 05/02/2012
- [opennic-discuss] question, Daniel L, 05/02/2012
- Re: [opennic-discuss] question, Alex Hanselka, 05/02/2012
- Re: [opennic-discuss] question, Alex, 05/02/2012
- Re: [opennic-discuss] question, Alex Hanselka, 05/02/2012
- [opennic-discuss] question, Daniel L, 05/02/2012
Archive powered by MHonArc 2.6.19.