| 1 |
If you are talking about Grsecurity (which has a learning mode that makes |
| 2 |
configuration very easy), and if your users are doing limited, standard |
| 3 |
things, then a strong Yes! (though IIUC, SeLinux is difficult to |
| 4 |
configure) |
| 5 |
|
| 6 |
The RBAC protection will protect you if -you- or a trusted user does |
| 7 |
something accidentally (e.g. shell command), or downloads something that |
| 8 |
tries to exploit a news client or browser. It may also protect you if |
| 9 |
someone ever compromises a portage distribution. |
| 10 |
|
| 11 |
There seems to be a reluctance among some old-timers to use the hardened |
| 12 |
tools anywhere else but on a server - I'd guess that is a holdover from |
| 13 |
the last decade when both Linux and the hardening tools were being |
| 14 |
created. Today's (non-selinux) tools are easy to use, and are IMHO quite |
| 15 |
appropriate for home use in today's world of professional crackers going |
| 16 |
after home users. Heh, even MS is "hardening" their new OS, VISTA. |
| 17 |
|
| 18 |
|
| 19 |
On Sun, 29 Oct 2006 00:16:59 -0400, |
| 20 |
<bridavis-Wuw85uim5zDR7s880joybQ@××××××××××××.org> wrote: |
| 21 |
|
| 22 |
> I have a total of 3 non-root users, 1 is me, the 2 others are trusted |
| 23 |
> (i.e. family/friend). RBAC looks like it's more complex that I need and |
| 24 |
> want to deal with, and I'm I'm wondering if I should bother with this |
| 25 |
> with so few users. |
| 26 |
> |
| 27 |
> Thoughts? |
| 28 |
> |
| 29 |
> Thanks, |
| 30 |
> Brian |
| 31 |
|
| 32 |
|
| 33 |
-- |
| 34 |
gentoo-hardened@g.o mailing list |
Archives