Tip

SUSE security: Forgotten passwords, AppArmor

Take advantage of the added protection that firewalls, anti-virus and anti-spyware programs offer, says James Turnbull. The author of Hardening Linux warns that, while the incidence of viruses and spyware on Linux is considerably lower than on Windows-based platforms, they can still occur.

In this tip, SearchOpenSource.com's security expert explains how you can run AppArmor on Red Hat Enterprise Linux 4 and why bugs in programs that cause vulnerabilities on one platform may not necessarily affect another platform.

Is it possible to use Novell's AppArmor on Red Hat Enterprise Linux (RHEL) 4?

James Turnbull: AppArmor was originally only available on SUSE, but at the start of 2006 Novell open sourced the application and made it available at Novell Forge. Since then, some community development has taken place and a port of AppArmor, for RHEL 5 specifically (but also planned to be back-ported to other RHEL releases), is available. The port is currently still in development release and a production release is not yet available.

If you do use AppArmor with RHEL, you will have to ensure SELinux is disabled, as the two do not function together. The two applications, AppArmor and SELinux, perform very similar functions, and it is important to note that SELinux is the Red Hat recommended and preferred application for mandatory access controls.

How do you reset a forgotten password for openSUSE 10.2?

Turnbull: You don't need to re-install. Here, you can find a method to reset your root password. It's a little clunky but it should work. If you run into troubles, the forums available at that site should provide further information.

Are firewalls, anti-virus and anti-spyware programs really necessary for Linux? What are some products that work well with openSUSE 10.2 for the desktop?

Turnbull: "Better safe than sorry" is an extremely underrated maxim. You do need a firewall, anti-virus and anti-spyware for Linux. While the incidence of viruses and spyware on Linux is considerably smaller than on Windows-based platforms, they still can occur. Additionally, a properly configured firewall will help protect your host from attackers attempting to compromise it.

With openSUSE 10.2, you have the added advantage since Novell bundles anti-virus, firewall, anti-spyware and anti-spam packages with 10.2 -- you can see the exact applications. I recommend referring to the openSUSE documentation to see how to enable and configure these applications.

When you make an open source app that can run on Windows and Linux, does that mean that any bugs in one version will cause vulnerabilities in the other version? For example, OpenOffice's recent patch has errors in the Windows version.

Turnbull: This is a very hard question to answer as it depends on a lot of variables, like:

  • the application in question and
  • the nature of the vulnerability.


If the vulnerability is irrelevant to the operating system, for example an application that doesn't have appropriate access controls, then both the Linux and Windows variants may be vulnerable. But if the vulnerability relies on a particular operating system, like expecting a Windows-based kernel, then it is unlikely that the same vulnerability will impact Linux. Yet, as mentioned, this is very arbitrary.

I would always err on the side of caution and carefully investigate any discovered vulnerability to determine all the possible combinations of operating systems, versions, and circumstances in which you might be vulnerable. Many of the security companies do this for you and I would recommend starting there if the vulnerability is known and documented.

What is the difference between Advanced Intrusion Detection Environment and Tripwire?

Turnbull: AIDE and Tripwire are both File Integrity Agents (FIAs). An FIA monitors the integrity and state of the files and objects on your host. If it detects changes to those files, it then alerts the administrator that an unauthorized access or change has taken place. FIAs usually take a hash of all files to be monitored using an algorithm like MD5. The snapshot is periodically checked against the current hash of the file and any variations are alerted on.

One of the key differences between Tripwire and AIDE is their commercial status. Tripwire was originally a free, open source product and is now a commercial product. However, a free version of Tripwire (branched from the Tripwire code in 2000) is still being developed at http://sourceforge.net/projects/tripwire/. In comparison, AIDE is entirely open source and licensed via the GPL.

Whilst essentially very similar in functionality, in my opinion there does seem to be more regular development on AIDE with more features and updates being released. The open source Tripwire version was last updated in 2005.
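The snapshot-and-compare cycle described in the answer above, as an added Python example that is not part of the original tip and is not AIDE or Tripwire code. It defaults to SHA-256 rather than the MD5 mentioned in the answer (the algorithm is a parameter), and the function names and sample files are constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(root, algorithm="sha256"):
    """Record (digest, mode bits) for every regular file under root."""
    state = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories, symlinks, sockets and devices
        h = hashlib.new(algorithm)
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        state[str(path.relative_to(root))] = (h.hexdigest(), stat.S_IMODE(st.st_mode))
    return state

def compare(baseline, current):
    """Return sorted (path, finding) pairs for each difference from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "removed"))
        elif old[0] != new[0]:
            findings.append((path, "content changed"))
        elif old[1] != new[1]:
            findings.append((path, "mode changed"))
    return findings

def demo():  # constructed sample tree: take a baseline, alter files, check again
    files = {"passwd": b"root:x:0:0\n", "sshd_config": b"PermitRootLogin no\n", "motd": b"hi\n"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in files.items():
            (root / name).write_bytes(data)
        (root / "passwd").chmod(0o644)
        baseline = snapshot(root)
        (root / "sshd_config").write_bytes(b"PermitRootLogin yes\n")  # content edit
        (root / "passwd").chmod(0o666)  # same content, looser permissions
        (root / "motd").unlink()  # monitored file deleted
        (root / "new.sh").write_bytes(b"#!/bin/sh\n")  # file not in the baseline
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

In practice the baseline is kept off the monitored host or on read-only media, so that whoever changes the files cannot also rewrite the snapshot.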

This was first published in March 2007
