Include selinux in Server Security Check?

Posted: 12 Jan 2007, 04:20
by adept2006
Apparently, Security-Enhanced Linux (selinux) isn't as secure as the title implies... :eek: - see post by katmai: http://forums.cpanel.net/showthread.php?t=55944

Would it be worth adding another check in the csf Server Security Check to warn if selinux is enabled?

(also, could this be another item addressed by the CS Server Service Package?)

Posted: 22 Jan 2007, 05:03
by bloggerman
adept2006 wrote:Apparently, Security-Enhanced Linux (selinux) isn't as secure as the title implies... :eek: - see post by katmai: http://forums.cpanel.net/showthread.php?t=55944

Would it be worth adding another check in the csf Server Security Check to warn if selinux is enabled?

(also, could this be another item addressed by the CS Server Service Package?)

Never has been and never will be secure. These guys here at ConfigServer are on top of it all, it seems, as I have CSF on _A LOT_ of our servers and I am very pleased with it. SELINUX sux0rz period!

Posted: 06 Feb 2007, 20:55
by sebby
[CentOS4 w all CS scripts installed]

Everyone seems to be biased when it comes to Selinux...
Is disabling selinux an official recommendation of the ConfigServer Team?

Regards,

/sebastien

Posted: 06 Feb 2007, 21:20
by chirpy
AFAIK, cPanel won't function correctly on a server with SELinux fully enabled, only in permissive/disabled modes.

Posted: 08 Feb 2007, 00:08
by sebby
To your knowledge, is the following message generated by Selinux:

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Feb  7 18:50:56 server2 filelimits: Increasing file system limits succeeded

These log files are great, but how can we find out what generated them?

Posted: 08 Feb 2007, 17:17
by chirpy
sebby wrote:To your knowledge, is the following message generated by Selinux:

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Feb  7 18:50:56 server2 filelimits: Increasing file system limits succeeded

These log files are great but how can we find out what generated them?

That's nothing to do with selinux. cPanel runs a script regularly that checks the current open file descriptor limit in the kernel and compares it to how many files are actually open. If the second value is approaching the first then the script pokes a new value for the open file descriptor limit into the kernel. It then also redoes this when the server is rebooted.

This helps to keep the server stable and optimises file descriptor performance.

It's perfectly normal to see this happening and is very common indeed on newly commissioned servers as load is applied to them.

Nothing to worry about.
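
Added example, not part of the thread and not cPanel's own script: a read-only shell sketch of the comparison described in the last post, for an admin who wants to see how close a server is to its kernel file-handle limit before such a log line appears. The function names, the 80% threshold and the doubling of the limit are assumptions made for illustration; the input format is that of /proc/sys/fs/file-nr (allocated, free, maximum).

```shell
#!/bin/sh
# Added example (assumed names and thresholds, not cPanel's filelimits script).
# Nothing here writes to the kernel; it only reports what a raise would look like.

# fd_usage_pct "<allocated> <free> <max>" -> integer percent of fs.file-max in use
fd_usage_pct() {
    set -- $1                                  # split the line into three fields
    [ "$#" -eq 3 ] || return 2
    case "$1$2$3" in *[!0-9]*) return 2 ;; esac # reject anything non-numeric
    [ "$3" -gt 0 ] || return 2
    echo $(( ($1 - $2) * 100 / $3 ))
}

# fd_recommend "<file-nr line>" [threshold_pct]
# Prints "ok <pct>", "raise <pct> <new_max>" or "error".
fd_recommend() {
    line=$1
    threshold=${2:-80}                         # assumed default threshold
    pct=$(fd_usage_pct "$line") || { echo "error"; return 2; }
    set -- $line
    if [ "$pct" -ge "$threshold" ]; then
        echo "raise $pct $(( $3 * 2 ))"        # doubling is an assumption
    else
        echo "ok $pct"
    fi
}

# Constructed sample values in the format of /proc/sys/fs/file-nr
SAMPLE_BUSY="7650 0 8192"
SAMPLE_IDLE="1020 0 8192"
fd_recommend "$SAMPLE_BUSY"
fd_recommend "$SAMPLE_IDLE"
```

On a live server the same function can be fed the real counters with `fd_recommend "$(cat /proc/sys/fs/file-nr)"`.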