Yes, it seems to me, that Fedora is more security-oriented than the SuSE family, but SuSE is close. Beside this, the criticized AppArmor may be a better choise for simple minded IT administrators (like me) than SELinux. Moreover, a hungarian IT administrator told me that SuSE can be administrated easier via SSH. Bye: Tamas 2007. május 24. 19.57 dátummal Keith Roberts ezt írta:
You may like to try Fedora Core, sponsored by Red Hat:
http://fedoraproject.org/wiki/Overview
It has an option called SELinux which you might like.
http://fedoraproject.org/wiki/SELinux
Regards
Keith
On Thu, 24 May 2007, Németh Tamás wrote:
To: opensuse-security@opensuse.org From: "[iso-8859-2] Németh Tamás"
Subject: [opensuse-security] Security features of current openSUSE versions? Dear openSUSE developers or Experts!
In these days I am mostly engaged in the task of choosing a free and secure Linux ditribution for our university. I prefer openSUSE but it's security is unclean for me in some aspects. As far as i know, opesSUSE has compile time and runtime userland protection agains memory related exploits (gcc / Fortify Source), runtime SSP (gcc / -fstack-protector), and LSM based MAC framework (AppArmor). But I wonder if you could tell me if:
-openSUSE 10.3 or older versions have all packages compiled as PIE or PIC to utilize the ASLR capabilities of the 2.6.20 and newer Linux kernels? (Does openSUSE 10.3 have an ASLR capability comparable to that of PaX?)
-openSUSE has W^X capabilities (similar to the capabilities provided by PaX or ExecShield patches)? On which architectures and how extensively?
-openSUSE packages are linked with BIND_NOW option to make the -z relro linking option even more effective?
-openSUSE systems have some extra chroot restrictions, /dev/mem, /dev/kmem, /dev/port, /proc/<PID>/stat, /proc/<PID>maps, Linux privileged I/O related or other security enhancements beyond to the security of the vanilla Linux kernel?
Thank you for the invaluable information! Best regards:
Nemeth, Tamas IT administrator University of West-Hungary, Sopron, Hungary --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
------------------------------------------------------------ http://www.karsites.net http://www.raised-from-the-dead.org.uk
This email address is challenge-response protected with http://www.tmda.net ------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org