I've seen your answer regarding the difference between Bastille and SELinux. My question is: should you have to choose one or the other to secure a server, which one would you prefer?

Requires Free Membership to View

This is a difficult question to answer because I don't know what your security requirements are or what you are trying to protect against. Bastille and SELinux perform two quite different functions. Bastille is a hardening tool that secures elements of Linux/Unix-based operating systems. It is generally run once or perhaps twice a month to ensure the hardening settings are maintained. As such it's a fairly low-maintenance control, but it only secures a limited set of configuration items.

Alternatively, SELinux is a mandatory access control tool that can monitor all processes on your host and block activities that are inappropriate, or outside a specified policy. It runs inside the kernel, and requires configuration and generally some ongoing management. It is a much more comprehensive and complex control with a correspondingly greater overhead. As a control, and if configured correctly, SELinux has the potential to be highly effective in blocking attackers' attempts to compromise your hosts.

So selecting which control to implement really depends on:
a) What your security requirements are, and b) What capacity and capability you have to implement and manage security controls.

This was first published in June 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: