Securing FC 4
AragonX
aragonx at dcsnow.com
Sun Aug 21 12:05:53 UTC 2005
<quote who="Paul Howarth">
> On Sat, 2005-08-20 at 10:59 -0400, AragonX wrote:
> Security is not easy. IMHO SELinux is a worthwhile investment of effort.
> It is also completely different from LIDS and performs a different
> function. LIDS attempts to detect that an intrusion has happened.
> SELinux tries to prevent the intrusion happening in the first place, and
> to limit the damage that occurs if it does.
It may seem like that is the focus of LIDS but that is not the case. LIDS
primarily is a kernel patch that provides ACL (Access Control Lists). It
limits drastically root's (and any account's) ability to access files.
It does perform a very similar function to SELinux. The real advantage
for me is that it's configuration is extremely simple. Much easier for me
to work with than SELinux has been. :/
>> I'm looking for more preventative measures. It appears that LIDS and
>> mod_security are the only ones in that role now. Should I jail apache?
>> Would that give me any benefits over what LIDS provides?
>
> Yes it would.
Since LIDS does something different than originally thought, is this
statement still correct?
Thanks for the reply.
More information about the fedora-list
mailing list