Securing FC 4

[AragonX]

<quote who="Paul Howarth">
> On Sat, 2005-08-20 at 10:59 -0400, AragonX wrote:
> Security is not easy. IMHO SELinux is a worthwhile investment of effort.
> It is also completely different from LIDS and performs a different
> function. LIDS attempts to detect that an intrusion has happened.
> SELinux tries to prevent the intrusion happening in the first place, and
> to limit the damage that occurs if it does.

It may seem like that is the focus of LIDS but that is not the case.  LIDS
primarily is a kernel patch that provides ACL (Access Control Lists).  It
limits drastically root's (and any account's) ability to access files.

It does perform a very similar function to SELinux.  The real advantage
for me is that it's configuration is extremely simple.  Much easier for me
to work with than SELinux has been.  :/

>> I'm looking for more preventative measures.  It appears that LIDS and
>> mod_security are the only ones in that role now.  Should I jail apache?
>> Would that give me any benefits over what LIDS provides?
>
> Yes it would.

Since LIDS does something different than originally thought, is this
statement still correct?

Thanks for the reply.