Home > Ask the Enterprise Linux Experts > Security Questions & Answers > Bastille or SELinux?
Ask The Enterprise Linux Expert: Questions & Answers
EMAIL THIS

Bastille or SELinux?

James Turnbull EXPERT RESPONSE FROM: James Turnbull

Pose a Question
Other Enterprise Linux Categories
Meet all Enterprise Linux Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 07 May 2008
I've seen your answer regarding the difference between Bastille and SELinux. My question is: should you have to choose one or the other to secure a server, which one would you prefer?

>
EXPERT RESPONSE

This is a difficult question to answer because I don't know what your security requirements are or what you are trying to protect against. Bastille and SELinux perform two quite different functions. Bastille is a hardening tool that secures elements of Linux/Unix-based operating systems. It is generally run once or perhaps twice a month to ensure the hardening settings are maintained. As such it's a fairly low-maintenance control, but it only secures a limited set of configuration items.

Alternatively, SELinux is a mandatory access control tool that can monitor all processes on your host and block activities that are inappropriate, or outside a specified policy. It runs inside the kernel, and requires configuration and generally some ongoing management. It is a much more comprehensive and complex control with a correspondingly greater overhead. As a control, and if configured correctly, SELinux has the potential to be highly effective in blocking attackers' attempts to compromise your hosts.

So selecting which control to implement really depends on:
a) What your security requirements are, and b) What capacity and capability you have to implement and manage security controls.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

HomeNewsTopicsITKnowledge ExchangeTipsBlogsAsk the ExpertsMultimediaWhite PapersIT Downloads
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts