Q

Bastille or SELinux?

If you had to choose between Bastille and SELinux, consider what you really need from a security program. A Linux expert explains the tradeoffs and benefits of each based on factors such as monitoring, ease of maintenance and range of coverage.

I've seen your answer regarding the difference between Bastille and SELinux. My question is: should you have to choose one or the other to secure a server, which one would you prefer?

This is a difficult question to answer because I don't know what your security requirements are or what you are trying to protect against. Bastille and SELinux perform two quite different functions. Bastille is a hardening tool that secures elements of Linux/Unix-based operating systems. It is generally run once or perhaps twice a month to ensure the hardening settings are maintained. As such it's a fairly low-maintenance control, but it only secures a limited set of configuration items.

Alternatively, SELinux is a mandatory access control tool that can monitor all processes on your host and block activities that are inappropriate, or outside a specified policy. It runs inside the kernel, and requires configuration and generally some ongoing management. It is a much more comprehensive and complex control with a correspondingly greater overhead. As a control, and if configured correctly, SELinux has the potential to be highly effective in blocking attackers' attempts to compromise your hosts.

So selecting which control to implement really depends on:

a) What your security requirements are, and

b) What capacity and capability you have to implement and manage security controls.

This was first published in June 2008
