PDA

View Full Version : If you don't understand it, don't turn it off!



Vlad
November 27th, 2007, 09:17 AM
I've noticed an alarming trend. A lot of new people are getting into GNU/Linux and the OSS movement. Thats great! Its wonderful to see more people getting involved but more education needs to be done before blindly switching to a new OS. A lot of people have been disabling SELinux. That makes me cringe. If something isn't working you don't disable security to get it to work. Its the same thing as someone running windows doing this, and I'm sure we've all seen it happen. "Oh this <insert asinine program> doesn't work because this firewall thing won't let it! I'll just turn it off, it just gets in the way..." Then they can't figure out why their computer as been utterly destroyed by malware.

SELinux is a Mandatory Access Control system that really limits or even eliminates how much damage a malicious user or cracker can do to your system. Even poorly coded programs are prevented from scrambling things about. The thing is, SELinux runs on a boolean system. 0 or 1. It usually takes one command to tell it its ok for program foo to interact with bar and not break it. There's even a trouble shooter that pops up to tell what tried to do what and where. The same GUI trouble shooter also gives you the EXACT command to allow that program to run properly so all you have to do is copy past that command into a terminal and be on your merry way still secured yet people leap to the first "catch all" solution and disable it.

Granted GNU/Linux is less vulnerable to malware, the chances of something bad happening are greatly reduced by a MAC system like SELinux. So if you wouldn't run with out a firewall or AV on a Windows box, why on earth would you disable one of the security layers of Linux? Ugh, I've heard of people even turning off IPtables somehow.

Ow my brain...

Anonymous Freak
December 8th, 2007, 01:02 AM
Your topic title reminds of the magic switch (http://catb.org/jargon/html/magic-story.html).

Thrashbarg
December 9th, 2007, 12:59 AM
Hehehe... the CPU thermal monitor on my now dead 3GHz PC kept on going off, so I set it for the highest setting. It STILL kept on going off so I disabled it. The motherboard eventually failed and now I'm on a G4 PowerMac. Never been happier!

atari2600a
December 9th, 2007, 01:23 AM
Your topic title reminds of the magic switch (http://catb.org/jargon/html/magic-story.html).

This makes me wonder what would happen when restarting the PDP-10 with the ground in conjunction w/ the case...

mbbrutman
December 9th, 2007, 07:43 AM
SELinux has been nothing but a pain in the bottom for me.

I run a wide variety of apps, some of them pre-historic. None of my machines are in 'hostile territory', and even so I turn off non-essential services. The only thing that SELinux has done for me is lengthen the time it takes to find out why something is broken on a new install .. For my work it's just not worth the hassle. Just about as bad as using the LVM on a single drive system that you never intend to add onto. These things are overhead ..

Now, for somebody moving over from Windows, I'd probably leave it enabled. I'd also have it locked down so hard that they couldn't wipe their nose after sneezing without prior authorization. ;-0

evildragon
December 9th, 2007, 08:49 AM
Now, for somebody moving over from Windows, I'd probably leave it enabled. I'd also have it locked down so hard that they couldn't wipe their nose after sneezing without prior authorization. ;-0
Sounds like Vista (since using it on my new laptop).

"You are about to sneeze. Allow, or disallow?"

Vlad
December 9th, 2007, 10:12 AM
The Irony is I've left that OS since it wasn't meeting my needs and now I have App Armor, which is like SELinux but not as anal or vocal about it. I know what you mean Mike, by default Apache doesn't even run correctly. The commands are kinda cryptic too for some reason. I trust my hardware firewall enough to go with out MAC, but when people turn it off and get hacked is when I point stuff like that out :P

Vlad
December 9th, 2007, 10:14 AM
Your topic title reminds of the magic switch (http://catb.org/jargon/html/magic-story.html).

I love that story. I too am curious on what it really was doing but atleast it didn't let out magic smoke :rolleyes: