This Linux Security guide provides resources and tips for four of the most popular Linux security tools: SELinux, Yellowdog Updater, Modified (YUM), AppArmor and Snort.
SELinux is an operating system
The second tool in the guide, YUM, collects information for and directs Red Hat Package Manager in its installation of software upgrades. This ensures that the software on your system is current - and therefore as close to invulnerable as possible. The tool is standard on Red Hat Enterprise Linux, CentOS and Fedora operating systems, and functions well with any RPM-based distribution. One of its several advantages over tools like Yast is its ability to upgrade to newer architectures of the same software.
AppArmor and SELinux are arguably each other's closest competitors. AppArmor is a security framework rather than an operating system with built-in controls. Originally a kernel patch, it is now a full-fledged tool which checks incoming activity against standardized profiles and denies access to visitors exhibiting suspicious behavior. "AppArmor provides more coarse controls than SELinux, but is much easier to use - and especially to customize - which lends it to a wider audience," one system administrator said. He added, "AppArmor also allows administrators to wrap a single application without modifying the rest of the system, meaning an administrator may choose to use it only on applications which are open to the network."
Snort's niche is intrusion detection and prevention. It uses methods of access regulation similar to those in AppArmor and SELinux, but it is also capable of compiling information about potential intrusions into log packets and returning the information to administrators. "Snort is the premier open source IDS solution and a solution that rivals many commercial products. The upcoming Snort 3.0 release, which features a significant re-architecture and performance enhancement, will only solidify its place in the market," SearchEnterpriseLinux security expert James Turnbull said.
The Linux security tools and guidance included below will help newbies and veterans to maintain a safe and productive Linux enterprise environment. Enjoy!
SELINUX
SELinux, the only Linux security tool developed in collaboration with the National Security Agency (NSA), is renowned for its top-level performance. Learn how to secure networks, manage policies and troubleshoot security issues in the links below with SELinux.
When to use SELinux: An introduction to security-enhanced Linux
In this tip on the basics of SELinux, find out what this Linux security system is, its competition, and best practices for implementing the system.
LinuxWorld preview: IBM engineer touts SELinux
SELinux has made strides in protecting systems from intrusion by unauthorized access, but its lack of user-friendliness remains a weakness.
Secure networks with SELinux
Learn how SELinux can protect Linux servers at the system level with security management commands and utilities in this sample chapter.
Using SETools to manage SELinux policies
SETools can help SELinux administrators with the daunting task of writing, managing and reporting on policies with the help of tools such as apol, sediff, seaudit and sechecker.
SELinux in RHEL 5: More enhanced, more security
SELinux enhancements in Red Hat Enterprise Linux 5, such as the added security of SELinux Troubleshooter and the multi-level security integration, are welcome changes.
Solaris 10 Trusted Extensions vs. SELinux
Solaris 10 Trusted Extensions and SELinux are best suited to different system requirements and administrator skill sets. Our security expert explains the distinction and recommends when to implement each.
Bastille or SELinux?
If you had to choose between Bastille and SELinux, consider what you really need from a security program. A Linux expert explains the tradeoffs and benefits of each based on factors such as monitoring, ease of maintenance and range of coverage.
Five ways SELinux may surprise you
In the column that follows, author and SELinux expert Frank Mayer will walk you through five of the ways that this venerable Linux security technology may surprise you.
Additional SELinux resources:
SELinux repository
Red Hat recently moved its source code repository for SELinux from SourceForge to Tresys. Find a link to the new space on a blog hosted by Red Hat.
SELinux repository hosted and managed by Tresys
This article offers fuller detail on the transfer of the SELinux repository to Tresys.
Dan Walsh's Journal
Find the latest on SELinux on the blog of Red Hat Principal Software Engineer Dan Walsh.
YELLOWDOG UPDATER, MODIFIED (YUM)
Keep your system running with the most up-to-date software versions available with Yellowdog Updater, Modified (YUM). The tool, an aid to Red Hat Package Manager, calculates system dependencies and performs installations to resolve them.
This section details how to make best use of YUM. If you are already familiar with YUM, you will also find tips for tweaking it for optimal performance and to perform security-specific updates.
Configuring YUM on Linux
Learn how to configure YUM on Linux by using the main configuration file, yum.conf, and learn some of the key YUM commands in this tip.
Using YUM to upgrade a system around the kernel
Excluding the Linux kernel in a YUM upgrade can be done. Learn how from our expert, who also tells you why it might not be the best idea.
Using YUM in RHEL5 for RPM systems
An expert discusses using YUM in Red Hat Enterprise Linux 5 for updating, installing, removing and maintaining RPM packages.
More on YUM:
Basics of YUM
Check out this overview of and set of how-tos for basic tasks with YUM.
Tips and tricks:
yum-security
A feature in Red Hat Enterprise Linux 5.1 allows YUM to retrieve only security-specific update information. Learn about it here.
Yum automatic config file CGI redirector
Introduction to Yum automatic config file CGI redirector, a tool which automatically sends files to the appropriate YUM archive.
More YUM tips and tricks
Enjoy these twelve tips and tricks for improving the performance of YUM. Learn how to correctly deal with repositories, caches and dependencies.
YUM-Plus?
PackageKit is much like YUM, but aims to give open source package management an added edge over Macintosh and Microsoft.
APPARMOR
AppArmor and SELinux have long been close competitors in the intrusion detection and prevention field. AppArmor is great for usability, while SELinux offers superior protection. AppArmor beat out SELinux for a 2008 BOSSIE award, and SELinux has been turning out features such as setroubleshooter to improve user-friendliness. These resources will help you to figure out if and how the popular tool AppArmor can enhance your system's security.
Using AppArmor on Red Hat
A user wonders whether it is possible to use AppArmor in the place of SELinux on Red Hat Enterprise Linux 4 and learns about both security tools.
AppArmor vs. SELinux
An expert says that, yes, AppArmor does offer equivalent security to SELinux.
Security face-off: Red Hat's SELinux vs. SUSE AppArmor, others
SUSE is hoping AppArmor will be an attractive alternative to Red Hat's SELinux. Ken Milberg evaluates AppArmor alongside several distributions' SELinux deployments.
SELinux now enabled in AppArmor's openSUSE
openSUSE 11.1 offers basic enablement with SELinux, saving time lost in configuration when implementing earlier versions with SELinux. Learn more about the change and about openSUSE build service, a new community development tool, here.
More on AppArmor:
Go ahead, make my day
The creator of AppArmor, who recently accepted a lead security engineering position with Microsoft, responds to a blog whose author argues that the tool is no longer a Linux security leader.
AppArmor: security according to Novell
This link provides an analysis of open source security and then narrows into best practices for using AppArmor.
Watch AppArmor author Crispin Cowan talk about profiles, policies, interoperability and other aspects of using the tool.
SNORT
Snort's official catchphrase is "the de facto standard in intrusion detection and prevention." The information below lines the tool up alongside its competitors, analyzes how well it will serve your particular system and details how to enhance the tool's performance.
Best practices for purchasing an intrusion detection device
In this SearchSecurity.com Q&A, security management expert Mike Rothman offers guidelines for buying -- and recommends Snort as -- an ideal intrusion detection (IDS) device for protecting your system.
Intrusion detection with Snort on Red Hat Enterprise Linux 5
Snort is a popular open source IDS. Learn how to install this security tool and configure it with MySQL on Red Hat Enterprise Linux 5.
Improving Snort performance with Barnyard
Increasing the speed and efficiency of intrusion-detection system application Snort means reduced false positives and more focus on actual threats. You can achieve this with Barnyard.
Alert vs. log in the Snort /var/log/snort directory
A Linux security expert explains that the difference between the Snort alert and log logs in the Snort /var/log/snort directory is based on how rules are written.
Snort log retention
Best practices for retention of Snort logs may hinge on external requirements like Sarbanes-Oxley. Learn when it's OK to delete logs and when to hang on to them.
Does Snort support target-based intrusion detection?
A Trusted Computer Solutions security tool helps protect Linux servers from attack. The tool was featured at the 2008 LinuxWorld show.
More Snort stories and resources:
Snort: Open Source Network Intrusion Prevention
This article provides an introduction to Snort -- its strengths, weaknesses and approach to security threats.
Snort on MySQL
Learn how to configure Snort to store log packets on a remote MySQL server.
Starting out with Snort
This excerpt from the latest Snort Users Manual documents the basics of how to write Snort rules.
Writing complex Snort rules
This blog post uses the above manual as a resource in writing advanced Snort rules.
Security Sauce: Snort 3.0
In this blog post, the founder of Sourcefire outlines the most recent changes to Snort 3.0.
If we didn't cover what you were looking for, contact Leah Rosin, Site Editor, at lrosin@techtarget.com.
This was first published in June 2010