AppArmour open sourced. Possible inclusion in Fedora?
Chasecreek Systemhouse
chasecreek.systemhouse at gmail.com
Wed Jan 18 17:28:13 UTC 2006
On 1/17/06, Adam Gibson <agibson at ptm.com> wrote:
> http://arstechnica.com/news.ars/post/20060113-5975.html
>
> From all the reading I have done it seems that configuration would be
> much easier for most system admins. A utility can learn what access is
> needed by monitoring the app so that you don't have to know all the
> details of what the app touches to get it working for new apps.
Application usage monitoring is not a good security practice to
dictate overall security -- while it will show usage patterns which
can then be evaluated for security impact it is better to disallow
everything and then only allow what is required for the business
mission. Just because people are doing things a particular way
doesn't mean that is the most appropriate or most secure way.
--
WC -Sx- Jones | http://ccsh.us/ | Open Source Consulting
More information about the fedora-list
mailing list