suse@rio.vg wrote on 18.08.2006 14:59:40:

> Henning Hucke wrote:
> >
> > SuSE Linux more and more drifts towards "another Windows". In the
> > meantime I know a lot of people - amongst them are numerous
> > administrators which I personally rate as good or very good ones - who
> > already droped SuSE in favor of Debian or comparable distributions.
> >
> > Mind that.
> >
> > I personally will install the coming (already released?) SuSE 10.2 on my
> > machines and if it will not attract me the installation after this one
> > will be debian.
> >
> > But still: Maybe I'm unfair to SuSE/Novell. If it should be the case
> > that I already have the *alternatives* selinux _or_ AppArmor I would
> > have to take the above critics. What I want to have is the choice! Give
> > other users a tool at hand with which they might secure their machines
> > in obscurity as long as you give _me_ the tools at hand to really secure
> > the machines under my administration.
>
> Let me get this straight: You're trashing SuSE because AppArmor isn't
> the be-all / end-all of perfect security perfection, so you're going to
> use a distribution that doesn't even have AppArmor at all?
>
> AppArmor is a tool.  It's meant to help a server deal with possibly
> insecure software without the extra hassles of chroot.  As far as I can
> tell, it works very well in that task.
>
> However, as you say, it's not going to stop people who already have
> shell access from doing naughty things.  It never claimed to.  Ease of
> use is not some windows concept.  AppArmor is nice and easy to use for
> the task it was meant to do, and that's a good thing.  The more
> complicated something is, the better chance it gets screwed up.  It also
> frees up my time to take care of other tasks.  Are you some kind of
> masochist that you'd rather make your life harder?
>
> If you need user-level security, go with SELinux.  The right tool for
> the right job.
>

Seems a pretty good approach : the right tool for the right job !
Personnaly I've choosen AA by exactly the same reasons above : gives me time to take care of other tasks.

Have fun !

Miguel Albuquerque
Network Administrator
signature



DISCLAIMER
- This message is intended for the use of the named person only. The information contained in this E-mail is confidential and any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited. This message does not represent a formal commitment by Codalis SA. Codalis SA is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.