Language Selection

English French German Italian Portuguese Spanish

SELinux vs AppArmor vs Grsecurity

Filed under
Linux
Security
HowTos

Linux kernel is the central component of Linux operating systems. It is responsible for managing the system's resources, the communication between hardware and software and security. Kernel play a critical role in supporting security at higher levels. Unfortunately, stock kernel is not secured out of box. There are some important Linux kernel patches to secure your box. They differ significantly in how they are administered and how they integrate into the system. They also allow for easy control of access between processes and objects, processes and other processes, and objects and other objects. The following pros and cons list is based upon my personal experience.

SELinux
Security-Enhanced Linux (SELinux) is a Linux feature that provides a variety of security policies for Linux kernel. It is included with CentOS / RHEL / Fedora Linux, Debian / Ubuntu, Suse, Slackware and many other distributions.

AppArmor
AppArmor (Application Armor) is another security software for Linux which maintained and released by Novell under GPL. AppArmor was created as an alternative to SELinux. AppArmor works with file paths.

grsecurity
grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. It utilizes a multi-layered detection, prevention, and containment model. It is licensed under the GPL.

full story




More in Tux Machines

A Brief Update On Fwupd For Linux Firmware Updating Of Devices

One of the latest focuses of prolific free software developer Richard Hughes has been on fwupd, an open-source and easy way to update device firmware. Fwupd is part of the initiative to make updating of UEFI/BIOS easily from the Linux desktop and fwupd can be used for updating the firmware of peripheral devices like Richard Hughes' ColorHug device. Read more

VMware Draws on Open Source to Manage Cloud Micro Services

VMware last week released details about two new open source projects that aim to bridge the divide between the company's virtualization software and other vendors' containers. Both projects integrate into VMware's unified platform for the hybrid cloud, allowing the company to create a consistent environment for cloud-native and traditional applications. Project Lightwave and Project Photon could tip sides in the ongoing debate within cloud computing and virtualization markets over running containers on standalone hardware or in virtual machines with virtualization software. Read more

Plasma 5.3