Language Selection

English French German Italian Portuguese Spanish

SELinux vs AppArmor vs Grsecurity

Filed under

Linux kernel is the central component of Linux operating systems. It is responsible for managing the system's resources, the communication between hardware and software and security. Kernel play a critical role in supporting security at higher levels. Unfortunately, stock kernel is not secured out of box. There are some important Linux kernel patches to secure your box. They differ significantly in how they are administered and how they integrate into the system. They also allow for easy control of access between processes and objects, processes and other processes, and objects and other objects. The following pros and cons list is based upon my personal experience.

Security-Enhanced Linux (SELinux) is a Linux feature that provides a variety of security policies for Linux kernel. It is included with CentOS / RHEL / Fedora Linux, Debian / Ubuntu, Suse, Slackware and many other distributions.

AppArmor (Application Armor) is another security software for Linux which maintained and released by Novell under GPL. AppArmor was created as an alternative to SELinux. AppArmor works with file paths.

grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. It utilizes a multi-layered detection, prevention, and containment model. It is licensed under the GPL.

full story

More in Tux Machines

Lumina Desktop 1.1 Released

The BSD-focused, Qt-powered Lumina Desktop Environment is out with its version 1.1 update. The developers behind the Lumina Desktop Environment consider it a "significant update" with both new and reworked utilities, infrastructure improvements, and other enhancements. Lumina 1.1 adds a pure Qt5 calculator, text editor improvements, the file manager has been completely overhauled, system application list management is much improved, and there is a range of other improvements. Read more

Radeon vs. Nouveau Open-Source Drivers On Mesa Git + Linux 4.9

For your viewing pleasure this Friday are some open-source AMD vs. NVIDIA numbers when using the latest open-source code on each side. Linux 4.9-rc1 was used while Ubuntu 16.10 paired with the Padoka PPA led to Mesa Git as of earlier this week plus LLVM 4.0 SVN. As covered recently, there are no Nouveau driver changes for Linux 4.9 while we had hoped the boost patches would land. Thus the re-clocking is still quite poor for this open-source NVIDIA driver stack. For the Nouveau tests I manually re-clocked each graphics card to the highest performance state (0f) after first re-clocking the cards to the 0a performance state for helping some of the GPUs that otherwise fail with memory re-clocking at 0f, as Nouveau developers have expressed this is the preferred approach for testing. Read more

Ubuntu MATE, Not Just a Whim

I've stated for years how much I dislike Ubuntu's Unity interface. Yes, it's become more polished through the years, but it's just not an interface that thinks the same way I do. That's likely because I'm old and inflexible, but nevertheless, I've done everything I could to avoid using Unity, which usually means switching to Xubuntu. I actually really like Xubuntu, and the Xfce interface is close enough to the GNOME 2 look, that I hardly miss the way my laptop used to look before Unity. I wasn't alone in my disdain for Ubuntu's flagship desktop manager switch, and many folks either switched to Xubuntu or moved to another Debian/Ubuntu-based distro like Linux Mint. The MATE desktop started as a hack, in fact, because GNOME 3 and Unity were such drastic changes. I never really got into MATE, however, because I thought it was going to be nothing more than a hack and eventually would be unusable due to old GNOME 2 libraries phasing out and so forth. Read more

EU-Fossa project submits results of code audits

The European Commission’s ‘EU Free and Open Source Software Auditing’ project (EU-Fossa) has sent its code review results to the developers of Apache HTTP server target and KeePass. The audit results are not yet made public, however, no critical vulnerabilities were found. Read more