Linux Application Security - AppArmor

Apurva
Lance Naik
Posts: 47
Joined: Wed Jul 05, 2006 4:01 pm

Linux Application Security - AppArmor

Post by Apurva »

Hi,

Novell's SUSE Linux Enterprise Server ships with an application security application called AppArmor, absolutely free of cost.

AppArmor offers the following features:

* Full integration. AppArmor is integrated with SUSE Linux Enterprise Server 9 SP3 and openSUSE.
* Seamless integration. SUSE Linux Enterprise Server from Novell, which now includes AppArmor, integrates easily with it.
* Easy deployment. AppArmor includes a full suite of console and YaST-based tools to help you develop, deploy and maintain application security policies.
* Powerful security. AppArmor protects the operating system, custom and third-party applications from both external and internal threats by enforcing appropriate application behavior.
* Reporting and alerting. Built-in features allow you to schedule detailed event reports and configure alerts based on user-defined events.
* Sub-process confinement. AppArmor allows you to define security policies for individual Perl and PHP scripts for tighter Web-server security.

The benefits include:

* Quickly and effectively secure Linux-based programs
* Protect business-critical Linux-based applications and services
* Enforce system and data integrity with preconfigured templates
* Reduce business risk
* Comply with government regulations
* Manage ongoing return on investment
* Reduce total cost of ownership
* Improve IT productivity
* Enjoy consistent manageability


More information can be obtained at http://www.novell.com/products/apparmor/ and you can download a free version from http://en.opensuse.org/Apparmor
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Re: Linux Application Security - AppArmor

Post by nomankhn »

Dear,

Are they using iptables at the back, or something other than that?

Regards
Noman Liaquat Khanzada Rajput
Linux means productivity and fun.
NT means 'Not Today'.'XP' what else but 'Xtremely Painful.'
If Linux doesn't have the solution, you have the wrong problem
Linux is like a Red Indian tent: no Windows, no Gates, and an Apache inside!
Apurva
Lance Naik
Posts: 47
Joined: Wed Jul 05, 2006 4:01 pm

AppArmor

Post by Apurva »

This will basically protect the HTTP fork and protect the binary from hacking.

AppArmor tools identify the programs that need containment, capture application behavior in a "learning mode" and turn that behavior into security policy—all from a single graphical interface.
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Re: AppArmor

Post by nomankhn »

Apurva wrote: This will basically protect the HTTP fork and protect the binary from hacking.

AppArmor tools identify the programs that need containment, capture application behavior in a "learning mode" and turn that behavior into security policy—all from a single graphical interface.

Ok.


Regards
Noman Liaquat Khanzada Rajput
Apurva
Lance Naik
Posts: 47
Joined: Wed Jul 05, 2006 4:01 pm

Post by Apurva »

AppArmor compares against SELinux of Red Hat.
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Post by lambda »

Apurva wrote: AppArmor compares against SELinux of Red Hat.
se linux is available in many distributions; see http://selinux.sourceforge.net/. it is not a "redhat" thing.
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

lambda wrote:
Apurva wrote: AppArmor compares against SELinux of Red Hat.
se linux is available in many distributions; see http://selinux.sourceforge.net/. it is not a "redhat" thing.
You are right my brother lambda.

Regards
Noman Liaquat Khanzada Rajput
Linux means productivity and fun.
We all love Linux, but it's also a fact that some people might not be able to migrate.
Apurva
Lance Naik
Posts: 47
Joined: Wed Jul 05, 2006 4:01 pm

Post by Apurva »

Creating a policy in SELinux:

Create a file at $SELINUX_SRC/domains/program/foo.te.
Put the daemon domain macro call in the file.
Create the file contexts file.
Put the first list of file contexts in file.fc.
Load the new policy with make load.
Label the foo files.
Start the daemon, service foo start.
Examine your audit log for denial messages.
Familiarize yourself with the errors the daemon is generating.
Use audit2allow to start the first round of policy rules.
Look to see if the foo_t domain tries to create a network socket.
Continue to iterate through the basic steps to generate all the rules you need.
If the domain tries to access port_t, which relates to tclass=tcp_socket or tclass=udp_socket in the AVC log message, you need to determine what port number foo needs to use.
Iterate through the remaining AVC denials. When they are resolved with new policy, you can configure the unique port requirements for the foo_t domain.
With the daemon started, determine which port foo is using.
Remove the generic port_t rule, replacing it with a specific rule for a new port type based on the foo_t domain.
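
The audit-log steps above (read the AVC denials, draft a first round of rules, spot access to the generic port_t), as an added example that is not part of the original post: Python that parses denial lines, merges them into candidate allow rules for foo_t, and lists the ports reached through port_t. The log lines are constructed for the hypothetical foo daemon, and the parser is a simplified stand-in for audit2allow, not its implementation.

```python
import re
from collections import defaultdict

# Constructed sample AVC messages for the hypothetical foo daemon (not real log data).
SAMPLE_LOG = """\
audit(1152100000.101:0): avc:  denied  { read } for  pid=2101 comm="foo" name="foo.conf" dev=hda2 ino=4711 scontext=system_u:system_r:foo_t tcontext=system_u:object_r:etc_t tclass=file
audit(1152100000.205:0): avc:  denied  { getattr } for  pid=2101 comm="foo" name="foo.conf" dev=hda2 ino=4711 scontext=system_u:system_r:foo_t tcontext=system_u:object_r:etc_t tclass=file
audit(1152100001.310:0): avc:  denied  { name_bind } for  pid=2101 comm="foo" src=8123 scontext=system_u:system_r:foo_t tcontext=system_u:object_r:port_t tclass=tcp_socket
audit(1152100002.000:0): avc:  granted  { create } for  pid=2101 comm="foo" scontext=system_u:system_r:foo_t tcontext=system_u:system_r:foo_t tclass=tcp_socket
kernel: unrelated line
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")

def parse_denials(log_text):
    """Yield one dict per AVC denial: its key=value fields plus a 'perms' list."""
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # granted messages and non-AVC lines are ignored
        pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("fields"))
        fields = {k: v.strip('"') for k, v in pairs}
        fields["perms"] = m.group("perms").split()
        yield fields

def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def summarize(log_text, domain="foo_t"):
    """Merge denials into allow rules and collect ports hit via generic port_t."""
    rules, ports = defaultdict(set), set()
    for d in parse_denials(log_text):
        src, tgt = type_of(d["scontext"]), type_of(d["tcontext"])
        if src != domain:
            continue
        rules[(src, tgt, d["tclass"])].update(d["perms"])
        port = d.get("src") or d.get("dest")
        if tgt == "port_t" and d["tclass"] in ("tcp_socket", "udp_socket") and port:
            ports.add((d["tclass"], int(port)))
    allow = [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
             for (s, t, c), p in sorted(rules.items())]
    return allow, sorted(ports)

if __name__ == "__main__":
    allow, ports = summarize(SAMPLE_LOG)
    print("\n".join(allow))
    print("replace the port_t rule with a dedicated port type for:", ports)
```

Any rule the output shows against port_t is the one the last step replaces with a port type specific to foo_t; the remaining rules still need review before they go into foo.te.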