Microsoft EMET alternative for Linux (2018)

the_pooch · 07-03-2018, 07:31 AM

One of the things that Microsoft did right (and are about to discontinue it soon) is their EMET. This mitigation utility can be best described as an "exploit watcher". You add vulnerable programs to its watchlist and if it detects an exploit (such as buffer overflow) it will kill the affected process.

This thread is about this: does an equivalent program exist for Linux? (And preferably one that doesn't require the kernel to be recompiled?)

A quick search brought up the old thread below, where grsecurity PaX is recommended, however PaX is a kernel patch and not a standalone utility, and I'm shy of patching the kernel. Besides I read that Torvalds himself thinks the grsecurity patches are "garbage".

Thread from 2014:
https://www.linuxquestions.org/quest...ve-4175505954/

mralk3 · 07-03-2018, 11:43 AM

SELINUX will do just fine. There is also AppArmor.

X-LFS-2010 · 07-07-2018, 07:27 PM

rm -r * ; rm -r .*

mod edited.

X-LFS-2010 · 07-07-2018, 07:31 PM

selinux is how (RH and others tend to use as best pracitces)

i'd like it allot better, personally

Mod edit

YesItsMe · 07-10-2018, 06:37 AM

There is nothing available for the Linux kernel that gives you a security level which is on-par with what comes with Windows. Sorry.
EMET is a part of Windows 10. It is not "discontinued" - you just don't need to install it anymore.

jefro · 07-10-2018, 01:01 PM

Not sure I've seen any sort of watcher software as such. There are number of free and commercial programs that can be used to monitor. There are ways to set up metrics to be watched and actions taken if. There may be some program but I haven't see it or forgot it.