From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <3B7D7900.EEFEA652@earthlink.net> Date: Fri, 17 Aug 2001 13:05:20 -0700 From: John Scroggins MIME-Version: 1.0 To: Conan Callen CC: SELinux@tycho.nsa.gov Subject: Re: [Fwd: Partial TOC for Comment] References: <3B7C7C69.E7B84C68@earthlink.net> <20010817001226.J18183@vnl.com> <002f01c12743$52700650$3a8314d1@nwlink.com> Content-Type: text/plain; charset=us-ascii Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Conan Callen wrote: > > > I don't expect SELinux will protect against all possible threats ... > A chapter on SELinux scope would be helpful here. Listing additional > references, tools & techniques that > can be used along with SELinux to help find and plug the holes. > > Also a scenarios section would be nice too. For instance "Building > Firewalls" has a whole chapter on different configurations. Good idea, but I think it out of scope for the preliminary document, but I will install a placeholder for this element I want to set up > two configurations, a secured server running http & smtp, and a dual homed > firewall. The kinds of questions in my mind are "is there a better way that > I could be doing this?", "am I setting this up correctly?, did I miss > something ...?". I can place references (URLs)to relevant material in the body of the doc to take care of this situation.. For instance if it was just as secure to stick a second nic > into the server and make it the gateway as well, then I could spend more > effort on the one machine. Again, I want to move away from hardware, and distro issues of choice. Your input is great .. thanks --JS > > > > > -- > You have received this message because you are subscribed to the selinux list. > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with > the words "unsubscribe selinux" without quotes as the message. -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.