No executables in /tmp

Michael Halcrow mike at halcrow.us
Mon Mar 27 20:40:27 MST 2006


On Mon, Mar 27, 2006 at 06:14:07PM -0700, Andrew Jorgensen wrote:
> There are several ways, but what you really need is AppArmor.
> 
> Andrew
> 
> PS: AppArmor <http://www.novell.com/products/apparmor/> is open
> source, uses the same infrastructure SELinux uses, and is WAY EASIER
> to use than SELinux, especially if you've never used either before. 
> Have a look at this FOSDEM talk before deciding which to use
> <http://ftp.belnet.be/mirrors/FOSDEM/FOSDEM2006-apparmor.avi>.

BSD Secure Levels also uses the same infrastructure that AppArmor uses
(the LSM hook framework), it is way easier than AppArmor, but it is
not necessarily the best tool for the job of securing a system in
the way that an admin may require.

Personally, I would prefer the power, flexibility, and (yes)
complexity of SE Linux over many other MAC solutions out
there. AppArmor may be a good solution for many cases, but just
because it is simpler does not mean that it can do a better job of
securing a system than SE Linux can do.

Mike
.___________________________________________________________________.
                         Michael A. Halcrow                          
       Security Software Engineer, IBM Linux Technology Center       
GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C  20F5 DB40 8531 6DCA 8769

"To prohibit sharing software is to cut the bonds of society."       
 - Richard Stallman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
Url : http://plug.org/pipermail/plug/attachments/20060327/52f6b759/attachment.bin 


More information about the PLUG mailing list