On Fri, Dec 22, 2000 at 01:10:26PM -0700, Kurt Seifried wrote:
It's interesting to see 3 major "secure linux" efforts, all with different goals we have
Actually, from your list, we have 2. Argus does not offer pitbull for linux.
http://www.wirex.com/ ImmunixOS, linux+Stackguard/formatguard/subdomain/cryptomark/etc, reasonably mature (I have a beta, works quite well).
Sure, it works well if you only want to protect against BufferOverflows and even then it doesn't do it that well. Properly written exploits can bypass the canary and still work properly see: http://phrack.infonexus.com/search.phtml?view&article=p56-5
http://www.argussystems.com/ Pitbull, B1 shiz, I'm not to enamoured with this oprange book stuff (buzzword compliance)
If you are running Solaris, and are properly trained by Argus, Pitbull will definately keep the kiddies out. Pretty good for being buzzword compliant.
http://www.nsa.gov/selinux/ NSA, access controls, who did what when, ok, let's shoot 'em in the head.
I'm still looking at the software they're offering here. A decent ACL implementation is somthing I've been waiting for in linux for a while. Not to mention a good system accounting/auditing toolset. Its interesting to see how many "secure linux" projects have been started and how many are actually still around. Most of them have given up "due to lack of interest from the community".
Basically it's like comparing apples to oranges to kiwi fruit. Some people hate kiwi but love apples. OTOH if you want to make kiwi fruit pie..... -Kurt
Sorry for bringing this to suse-security. -miah