joseph at thatworks.com
Wed Jan 23 09:04:14 MST 2008
On Jan 23, 2008 8:46 AM, Jason Edwards <jtanium at gmail.com> wrote:
> Firestarter (http://www.fs-security.com/) would be something you could
> use to manage iptables. It won't show you an application and let you
> make a policy based on that application, but you could figure out what
> ports an application is using and make policies based on that.
I used to use Firestarter. I had so many problems, I eventually gave
up and tried to kill it. Doing so ended up being an adventure of its
own. Now I'm happy just using iptables from the command line. I think
my mind works better at the command line anyway.
> As far as limiting executables launching other executables, you should be
> able to do it with SELinux or AppArmor, though I don't know what tools
> there are to make that easier to manage.
I missed that part of the original post. My bad. I haven't played yet
with AppArmor, but SELinux is excellent at securing files and
processes. Problem is, it's not the friendliest thing in the world to
configure. And if your distro doesn't have decent policies written for
it, I think you'll probably hate it.
The latest versions of Red Hat (both RHEL and Fedora) have excellent
SELinux policies written, and some excellent default iptables rules
set up. I suppose by extension, CentOS does too. If you're not too
attached to a different distro, they're definitely worth checking out.
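As an added illustration of the approach Jason describes (find the ports an application listens on, then write iptables policy for just those ports), here is a small POSIX shell script. It is not from this thread or from any project; the `ss -lntp` lines it parses are constructed sample data, and the functions only print the iptables commands for review rather than running them.

```shell
#!/bin/sh
# Derive a default-deny iptables INPUT policy from the ports applications listen on.
# Constructed sample of `ss -lntp` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1201,fd=6))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=950,fd=5))'

# rules_for_app NAME: print ACCEPT rules for every TCP port NAME is listening on.
# Sockets bound to 127.0.0.1 are restricted to loopback sources instead of opened to all.
rules_for_app() {
    name="$1"
    printf '%s\n' "$SAMPLE_SS" | while read -r state recvq sendq local peer users; do
        # Keep only lines whose owning process matches the requested name.
        case "$users" in
            *"\"$name\""*) ;;
            *) continue ;;
        esac
        port="${local##*:}"
        addr="${local%:*}"
        if [ "$addr" = "127.0.0.1" ]; then
            printf 'iptables -A INPUT -p tcp -s 127.0.0.0/8 --dport %s -j ACCEPT # %s loopback only\n' "$port" "$name"
        else
            printf 'iptables -A INPUT -p tcp --dport %s -j ACCEPT # %s\n' "$port" "$name"
        fi
    done
}

# policy_for_apps APP...: full ruleset, printed not applied. Default-deny inbound,
# allow loopback and replies to established connections, then only the named apps' ports.
policy_for_apps() {
    echo 'iptables -P INPUT DROP'
    echo 'iptables -F INPUT'
    echo 'iptables -A INPUT -i lo -j ACCEPT'
    echo 'iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for app in "$@"; do
        rules_for_app "$app"
    done
}

# Usage (hypothetical): review the output, then apply it as root.
policy_for_apps sshd nginx
```

On a real host you would replace `SAMPLE_SS` with the live output of `ss -lntp` (or `netstat -lntp` on older systems); the point is that the allow list is derived from what actually listens, so any service that is not in it stays blocked by the DROP default.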