And whats it like .. how big is the cool factor .. if there actually is one ? :-) Christoph Thiel <cthiel@suse.de> wrote: On Fri, 30 Sep 2005, Schwartz, Matthew (GE Healthcare) wrote:
Has anyone used the Immunix AppArmor lite?
Yes ;) Regards Christoph --------------------------------- How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos. Get Yahoo! Photos
I haven't used the lite version but I've used the full version quite a bit and know the dev team around it pretty well. The fullversion has a full YaST module for managing everything if you like the gui or great cli utilities. Profiling applications is trivial compared to trying to do it with SELinux which is the biggest strength. I can profile a server in a few hours with AppArmor where it would take a week with SELinux. It's made by the same devs who worked with the NSA on the LSM (http://lsm.immunix.org/) so they know what they're doing. The cool factor is pretty nice when you can show people a firefox browser than works fine but is profiled such that it can't read /etc/passwd or other sensitive information. Giving people root access via ssh is fun as well because you can profile sshd such that they can only execute 1 or 2 commands and never get anywhere else. I don't know what the difference between the full and lite version will be but it's a great tool for locking down a Linux box. Cheers, Dan On Sat, 2005-10-01 at 23:56 +0100, Winston Graeme wrote:
And whats it like .. how big is the cool factor .. if there actually is one ? :-)
Christoph Thiel <cthiel@suse.de> wrote: On Fri, 30 Sep 2005, Schwartz, Matthew (GE Healthcare) wrote:
Has anyone used the Immunix AppArmor lite?
Yes ;)
Regards Christoph
--------------------------------- How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos. Get Yahoo! Photos
Cheers for the info : - ) Dan Elder <delder@novacoast.com> wrote:I haven't used the lite version but I've used the full version quite a bit and know the dev team around it pretty well. The fullversion has a full YaST module for managing everything if you like the gui or great cli utilities. Profiling applications is trivial compared to trying to do it with SELinux which is the biggest strength. I can profile a server in a few hours with AppArmor where it would take a week with SELinux. It's made by the same devs who worked with the NSA on the LSM (http://lsm.immunix.org/) so they know what they're doing. The cool factor is pretty nice when you can show people a firefox browser than works fine but is profiled such that it can't read /etc/passwd or other sensitive information. Giving people root access via ssh is fun as well because you can profile sshd such that they can only execute 1 or 2 commands and never get anywhere else. I don't know what the difference between the full and lite version will be but it's a great tool for locking down a Linux box. Cheers, Dan --------------------------------- To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre.
participants (4)
-
Christoph Thiel
-
Dan Elder
-
Schwartz, Matthew (GE Healthcare)
-
Winston Graeme