![](https://seccdn.libravatar.org/avatar/fd050a5c199e6f2c06fa22e4c9e28322.jpg?s=120&d=mm&r=g)
Hi!
On 2/8/06, Marcus Meissner
On Wed, Feb 08, 2006 at 02:55:03PM +0200, HG wrote:
Hello!
I could not really find good information about the security features of the next 10.1 version from the Wiki. I'm personally very interested in 1) Easy access control systems (I do not know what these could be... but could be easier than current)
Thats a broad issue. We are using the traditional UNIX methods and replacing them ... well.
What actually is the problem with the current one?
Ah, I don't know. I guess the usage could be more simplified. I've tried to use ACL's, but it seems a bit complicated sometimes - of course using Samba in between makes it a little easier.
2) Easy way of sandboxing servers, like limiting SFTP to some folder and it's subfolders.
Here the answer is AppArmor ;)
I've been hearing about this... I'm just waiting for the 10.1 release so I can upgrade my home computer and start learning it. Hopefully there is some documentation with it also...
3) File and folder access auditing - very much needed feature in corporations!! A must have.
In SLES8 and SLES9 we included LAuS, a EAL/CAPP compliant audit system.
Yes, I've seen LAuS mentioned in some places.
For 10.1 and SLES 10 we include the upstream lightweight auditing framework, which is not yet EAL/CAPP compliant. (Its in the "audit" package.)
Why not LAuS? Is there something wrong with it?
However, some auditing capabilities are available already in this system.
Which system do you refer to?
4) Scanning tools, like NMAP and Nessus (nmap is available from Guru YaST repository, but Nessus is not from anywhere AFAIK - except manually from nessus.org, I guess)
nmap is on 10.1. nessus should be there too, but isn't on the CDs (Likely for space reasons.)
Sorry, seems that nmap was on 10.0 also, but Guru had a newer one. It doesn't matter that much if they are on the CD or not, as long as they are installable from YaST after adding some installation repositories. It's still quite specialized program compared to office or other desktop programs.
So, can somebody elaborate on these features and their future in (OSS) SUSE Linux?
Additionaly we have some lowlevel security things:
I'm quite confident in the progress of lowlevel securyti (although of course there is much to do always), but it's more those higher level features that are critical for many businesses to be able to manage and monitor the resources. (Although AppArmour sounds more like lowlevel, I guess).
Ciao, Marcus
Thanks. -- HG.