No executables in /tmp
mike at halcrow.us
Mon Mar 27 20:40:27 MST 2006
On Mon, Mar 27, 2006 at 06:14:07PM -0700, Andrew Jorgensen wrote:
> There are several ways, but what you really need is AppArmor.
> PS: AppArmor <http://www.novell.com/products/apparmor/> is open
> source, uses the same infrastructure SELinux uses, and is WAY EASIER
> to use than SELinux, especially if you've never used either before.
> Have a look at this FOSDEM talk before deciding which to use
BSD Secure Levels also uses the same infrastructure that AppArmor uses
(the LSM hook framework), it is way easier than AppArmor, but it is
not necessarily the best tool for the job of securing a system in
the way that an admin may require.
Personally, I would prefer the power, flexibility, and (yes)
complexity of SE Linux over many other MAC solutions out
there. AppArmor may be a good solution for many cases, but just
because it is simpler does not mean that it can do a better job of
securing a system than SE Linux can do.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C 20F5 DB40 8531 6DCA 8769
"To prohibit sharing software is to cut the bonds of society."
- Richard Stallman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 481 bytes
Desc: Digital signature
Url : http://plug.org/pipermail/plug/attachments/20060327/52f6b759/attachment.bin
More information about the PLUG