Home
Topics
Linux security
Bastille or SELinux?

Ask the Expert

Bastille or SELinux?

I've seen your answer regarding the difference between Bastille and SELinux. My question is: should you have to choose one or the other to secure a server, which one would you prefer?

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

This is a difficult question to answer because I don't know what your security requirements are or what you are trying to protect against. Bastille and SELinux perform two quite different functions. Bastille is a hardening tool that secures elements of Linux/Unix-based operating systems. It is generally run once or perhaps twice a month to ensure the hardening settings are maintained. As such it's a fairly low-maintenance control, but it only secures a limited set of configuration items.

Alternatively, SELinux is a mandatory access control tool that can monitor all processes on your host and block activities that are inappropriate, or outside a specified policy. It runs inside the kernel, and requires configuration and generally some ongoing management. It is a much more comprehensive and complex control with a correspondingly greater overhead. As a control, and if configured correctly, SELinux has the potential to be highly effective in blocking attackers' attempts to compromise your hosts.

So selecting which control to implement really depends on:
a) What your security requirements are, and b) What capacity and capability you have to implement and manage security controls.

More News and Tutorials

Articles

This was first published in June 2008

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

Data Center
Server Virtualization
Cloud computing
Enterprise Desktop

Data Center
- Battery monitoring service prevents outages, extends battery life
  
  The latest backup battery monitoring services can prevent outages and extend battery life. Plus, they take power monitoring off IT's task list.
- Red Hat Open Hybrid Cloud aids private, public cloud management
  
  Hardware, virtualization, public and private cloud are all converging and need to be managed as one environment. Enter Red Hat's Open Hybrid Cloud.
- Mainframe modernization takes on urgency
  
  A Red Hat Summit talk on database and mainframe modernization highlights urgency, need for agility in enterprise development teams.
Server Virtualization
- Virtualization vs. cloud: Let's get this straight
  
  Reports of clouds abound, but true clouds are hard to come by. Turns out, many don't know what separates virtualization vs. cloud. We're here to help.
- Moving VMs around? Avoid downtime with Hyper-V Live Storage Migration
  
  Live Storage Migration eliminates the downtime associated with moving VM files from one storage location to another and helps improve performance.
- RHEV proves to be a cost-effective alternative to vSphere
  
  Some IT departments have turned to low-cost, flexible virtualization platforms, such as Red Hat Enterprise Virtualization, to lower VMware costs.
Cloud computing
- PaaS market heats up with Red Hat OpenShift, Savvis AppFog buy
  
  PaaS made headlines last week, but it's still difficult to gauge the true level of interest in Platform as a Service in the enterprise world.
- IBM, Salesforce deals usher in cloud consolidation era
  
  IBM's SoftLayer buy is getting mixed reviews from IT pros, but everyone agrees that it's an example of the consolidation phase of the cloud bubble.
- U.S. defense agencies' cloud transition yields better intelligence
  
  A cloud migration seems daunting but the effort is worthwhile; U.S. defense agencies say their cloud move led to better military intelligence.
Enterprise Desktop
- Q&A: Microsoft's Erwin Visser discloses Windows 8 mobile strategy
  
  Microsoft GM Erwin Visser discusses the company's mobile strategy for Windows 8 and the need to deliver one device supporting all types of computing.
- Q&A: Microsoft's Erwin Visser on Windows 8.1 updates, security
  
  Microsoft's Erwin Visser discusses Windows 8.1 features, how IT can keep pace with faster update cycles and Windows security enhancements.
- Telerik updates Windows 8 app development tools
  
  Telerik's updated DevCraft tool for developing Windows 8 apps helps IT to deliver business apps to end users on PCs and tablets.

All Rights Reserved,Copyright 2003 - 2013, TechTarget