Re: [ldm-users] Log rotation

If it matters, I'll add my voice.  Quick aside, my day job for the past 15+
years has been an IT security engineer/consultant..it's my job to be
paranoid and tell clients what to do and not to do..so it pains me when I
say....

Do _NOT_ use SELinux on a server unless it is a multi-user system (e.g.,
multiple different people log in and perform functions on it on a real-time
basis).  Given that an LDM server should be sitting over in a closet with no
logins on it other than the administrator(s), there is no need for SELinux.
It will just make your life more difficult while adding a layer of
protection you don't need.  Instead, take the base OS, harden it using
whatever tools/techniques you have, turn off everything but SSH and LDM (and
enable other things as needed, apache, etc) and you'll be good to go. A
properly configured and hardened box is 100x more important than running
SELinux.

-Tyler
AllisonHouse LLC

On Tue, Apr 20, 2010 at 12:43 PM, Dan Vietor <devo@xxxxxxxxxxxxx> wrote:

>  On Mon, 2010-04-19 at 17:33 -0500, Gerry Creager wrote:
>
> Peter,
>
> Experience has shown that SELinux and LDM were not, in the past,
> friends. I'd also argue that, unless you're with NSA, it's likely not
> needed for most LDM machines.  Enforcing SELinux has caused me all sorts
> of issues in the past, with few identifiable benefits.
>
>
> I'll second that.  SELinux is OK for a desktop system (email, web, word
> processing) or a file server but it is unusable for most other
> applications.   At least now, there is a way to configure it to allow
> certain things but getting that to work can be painful.  I find if you're
> not making the computer publicly accessible (i.e. remote login from the
> world), you don't need that level of security.   So why go through the pain
> to try and enable SELinux?
>
>
>   ------------------------------
>
>
>   *Daniel Vietor*  *Mail:* devo@xxxxxxxxxxxxx   Unisys Corp  
> *Title:*Engineer/Meteorologist  2476 Swedesford Rd
> *Phone:* 610-648-3623   Malvern PA 19355  *Fax:* 610-695-5524
>