Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
What's the most secure and powerful kernel enhancement/patch: RSBAC, SELinux, GrSecurity or AppArmor? And can you point to any quick tutorials on getting started with that enhancement?
Last edited by JasperLiermin; 03-19-2009 at 06:27 PM.
Powerful how? Defending against what?
Please be specific about which threat you are trying to mitigate.
Hi win32sux, I only ask to try building a fortress, and the kernel is the jumping point.
I say quick tutorials because I will do more work after the whole system is up and running.
Oh, and sorry for using the Exclamation icon by mistake.
I understand that, but a fortress is designed to protect against specific threats. For example, you could use really tall walls in order to prevent individuals from bypassing the main entrance. The main entrance could use very narrow hallways, so that crowds can't get through. In both examples, the fortress' defensive measures were intended for specific threats (individuals in the first example, crowds in the second). The same concept applies to information security. You don't just throw miscellaneous security measures around and hope something sticks. The security tools you use need to be selected in a well thought out manner.
Last edited by win32sux; 03-19-2009 at 07:13 PM.
Reason: Spelling.
I agree. SE Linux definitely is the first LSM to look at in terms of development (present and future), distribution integration, general support, implementation flexibility and (enterprise) usage. OTOH GRSecurity reinforces the kernel in terms of, say, chrooting no other LSM does. So it still depends on what distribution you're running, what the machine's purpose is, its location in the network, the hardening you've done and, say, OTF vs maintenance trade-off to decide what you would need.
What am I doing this for is the question and the answer is to create a hardened fortress to be used by the general public for anyone with high security in mind.
like any of http://lwn.net/Distributions/#secure might be
I intend to do more customization later but for now I'm looking only at the kernel patches not the configuration files that go with them and yes I know that part of this choice is how I intend to configure but the brute of what I need now is all around maximum security.
Last edited by JasperLiermin; 03-19-2009 at 10:02 PM.
This is "possibly" one of the securest setups that I have yet to come across. They maintain the SELinux reference policy.
You can also apply grsecurity to this setup (not an easy process) so that the outcome would be grsecurity and SELinux both working on the same system but performing very different functions.
the brute of what I need now is all around maximum security.
Such a thing doesn't exist, so your expectations aren't realistic. That said, your best bet at pursuing this path sounds like one of those hardened distros. This way you not only get a head start, but also benefit from the testing provided by the install base. slimm609's suggestion sounds like a really interesting option in that regard, and you should definitely look into it. Another alternative could be to read the Hardened Linux From Scratch (HLFS) instructions to get some good ideas about what modifications you can make to your favorite distro.