1 |
If you are talking about Grsecurity (which has a learning mode that makes |
2 |
configuration very easy), and if your users are doing limited, standard |
3 |
things, then a strong Yes! (though IIUC, SeLinux is difficult to |
4 |
configure) |
5 |
|
6 |
The RBAC protection will protect you if -you- or a trusted user does |
7 |
something accidentally (e.g. shell command), or downloads something that |
8 |
tries to exploit a news client or browser. It may also protect you if |
9 |
someone ever compromises a portage distribution. |
10 |
|
11 |
There seems to be a reluctance among some old-timers to use the hardened |
12 |
tools anywhere else but on a server - I'd guess that is a holdover from |
13 |
the last decade when both Linux and the hardening tools were being |
14 |
created. Today's (non-selinux) tools are easy to use, and are IMHO quite |
15 |
appropriate for home use in today's world of professional crackers going |
16 |
after home users. Heh, even MS is "hardening" their new OS, VISTA. |
17 |
|
18 |
|
19 |
On Sun, 29 Oct 2006 00:16:59 -0400, |
20 |
<bridavis-Wuw85uim5zDR7s880joybQ@××××××××××××.org> wrote: |
21 |
|
22 |
> I have a total of 3 non-root users, 1 is me, the 2 others are trusted |
23 |
> (i.e. family/friend). RBAC looks like it's more complex that I need and |
24 |
> want to deal with, and I'm I'm wondering if I should bother with this |
25 |
> with so few users. |
26 |
> |
27 |
> Thoughts? |
28 |
> |
29 |
> Thanks, |
30 |
> Brian |
31 |
|
32 |
|
33 |
-- |
34 |
gentoo-hardened@g.o mailing list |