Which MAC to use
i am trying to get a feeling of which MAC package you feel is better. this is not a "which one do you use" poll.
for those who have had a chance to use each of these, which one do you feel provides the best protection? SELinux GRSecurity AppArmor |
SELinux in my opinion has the most development momentum. I really appreciate Dan Walsh's commitment to fixing problems and answering questions on the devel lists
|
Quote:
i read a bunch about AppArmor, how easy it is, easy to understand, yada yada yada, but when you factor in its for a dying breed i want to shy away from it, etc. GRsecurity also seems to have some followers. some places like phoenixnap.com use GRsecurity religiously, my guess is because GRsec has more pre-built selections than SElinux does, but i lean more towards protection ability and robust support vs. out-of-the-box pre-built settings. |
I have no familiarity with AppArmor and have never even heard of GRSecurity.
What is now known as SELinux is a MAC system that evolved from patches to the kernel created by the United States of America's NSA (National Security Agency) for their own use (and before that, whole MAC operating systems). I have no reason to convince anyone one way or another.. times change.. needs and software evolve.. new ideas emerge.... but SELinux is rock-solid and has a lot of developer backing (thank you very much, Red Hat). |
Quote:
|
Quote:
Like I said, new ideas emerge, better ways to do things are thought of ... this is how upstart and then systemd came along. After doing some reading, of course I can agree that GRSec looks promising, but if someone wants a comprehensive MAC solution for linux, it seems like SELinux is still the best choice. Also, I'm surprised you didn't mention TOMOYO -- from what I understand, it's a lot more alive than AppArmor. Also, I'm sure you've already googled about this, but the conclusion from this paper is .. well, something. Quote:
|
All times are GMT -5. The time now is 03:57 AM. |