Slashdot Mirror

← Back to Stories (view on slashdot.org)

Additional Security in the Linux Kernel?

Posted by Cliff on from the going-beyond-ugo dept.

nyx asks: "Recently, I was looking for some way to improve security on my linux boxes. I found few linux patches like grsecurity, LIDS (now also as Linux Security Module), Medusa DS9. I'm testing grsecurity (and it's ACLs) now and I'm quite satisfied with it, but I wonder, what are pros and cons of other solutions. Anybody tried them and can share his experience with us?"

3 of 300 comments (clear)

  1. Neat Security Trick by CONTROL_ALT_F4 · · Score: 5, Interesting

    I had a friend who ran all of his INET services through a VMWARE instance on his Linux box. He would get hit by a script kiddie, and then use the ROLLBACK feature to undo the damage. He would patch the hole on the virtual machine and start up the site as if nothing happened.

  2. Re:ACLs by WetCat · · Score: 5, Interesting

    BTW,it's theoretically proven that security provided by Discretory Access Control systems (in which ACL's and unix protection schemes belong to) is algoritmically unprovable - you cannot deduct that system is secure based on system and DAC rules.
    That proof is possible if are using mandatory access control or may be other security means.
    So DAC are not only pain in the ... - it's also a nonreliable means of security.

  3. ACL's in Red Hat Limbo beta by Laven · · Score: 5, Interesting
    ACL support was added to the kernel in Red Hat Limbo beta which will likely become Red Hat 8.0. They also include the command line tools to manipulate the ACL's.

    Read about it in the RELEASE-NOTES
    ftp://videl.ics.hawaii.edu/mirrors/redhat/linux/be ta/limbo/en/os/i386/RELEASE-NOTES