Programs to make your Linux set-up bulletproof.
Like the knights of old, computer users feel the urge to don some form of protective armor to safeguard their weak and exploitable systems. Malware, software designed to harm your systems, has grown to huge proportions through exploits in email, instant message viewers, Web sites and simple attacks on Windows systems. You need something to stand between you and whatever is out there.
Many exploits re-use old techniques. For example, image files on Windows tend to be easy targets for taking over a PC, usually through buffer overruns, where malware purposely creates files that cause the software loading them to run past the space it allocated.
It might surprise you to know that buffer overrun exploits on Windows, particularly in code that reads image files, have been around for more than 10 years. It’s surprising that Microsoft simply hasn’t devoted a hundred or so programmers to go through every line of all image-reading software libraries, expunging dangerous constructs. Alas, that doesn’t seem to have happened, as we continue to face this problem.
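The dangerous construct behind such overruns, next to its checked form, as an added example that is not part of the original article. The toy image format (one byte of width, one byte of height, then the pixels), the `load_image` function and the sample files are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PIXELS 64   /* constructed limit for this toy format */

/* Hypothetical toy format: file[0] = width, file[1] = height,
   followed by width*height bytes of 8-bit pixels. */
struct image {
    uint8_t width, height;
    uint8_t pixels[MAX_PIXELS];
};

/* Unsafe pattern, shown for contrast and never compiled here: it trusts
   the header and copies whatever size the file claims.
       memcpy(img->pixels, file + 2, file[0] * file[1]);
   A crafted header makes the copy run past pixels[]. */

/* Checked loader: returns 0 on success, -1 if the file is rejected. */
int load_image(const uint8_t *file, size_t file_len, struct image *img)
{
    if (file == NULL || img == NULL || file_len < 2)
        return -1;                    /* header missing */
    size_t w = file[0], h = file[1];
    size_t need = w * h;              /* at most 255*255, cannot wrap */
    if (need == 0 || need > sizeof img->pixels)
        return -1;                    /* would go beyond allocated space */
    if (need > file_len - 2)
        return -1;                    /* header claims more than the file holds */
    img->width = (uint8_t)w;
    img->height = (uint8_t)h;
    memcpy(img->pixels, file + 2, need);
    return 0;
}

/* Constructed sample inputs. */
static const uint8_t good_file[]      = { 2, 2, 10, 20, 30, 40 };
static const uint8_t oversized_file[] = { 255, 255, 0, 0, 0, 0 }; /* claims 65025 pixels */
static const uint8_t truncated_file[] = { 4, 4, 1, 2, 3 };        /* claims 16, holds 3 */

int main(void)
{
    struct image img;
    printf("good: %d\n", load_image(good_file, sizeof good_file, &img));
    printf("oversized: %d\n", load_image(oversized_file, sizeof oversized_file, &img));
    printf("truncated: %d\n", load_image(truncated_file, sizeof truncated_file, &img));
    return 0;
}
```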
Unless you listen to Microsoft’s PR, which would like to distract you from the bad news, Linux hasn’t faced anything near to the problems on Windows. Even so, Linux has faced security vulnerabilities, particularly aimed at Web-server software such as Apache. That’s why it is a good idea to keep your Linux systems up to date with the latest patches, using tools such as yum or apt-get, which are available with most Linux distributions.
It’s also a good idea to install some form of protection. Even though Linux systems have remained relatively unscathed due to a more secure architecture than Windows, now is the time to protect your systems.
You can find that protection in one of two security systems: SELinux or AppArmor. Both of these systems aim to protect your systems from the applications that run on them. These applications may sport bugs that malware can try to exploit, turning once-friendly applications into partners in crime.
SELinux, shipping on Fedora, Red Hat, Debian, Ubuntu, and other distributions, comes originally from the U.S. National Security Agency. SELinux tries to protect your Linux system by restricting what actions applications can perform. The idea is that even if an application gets compromised in some way, the system will prevent the application from causing much damage. That’s the theory, anyway. After a somewhat rocky start where certain applications no longer functioned, SELinux has settled into the default security system on Linux.
AppArmor comes from Immunix Inc., now part of Novell, which recently released the security application under an open-source license. Similar to SELinux, although simpler to set up, AppArmor follows the idea of granting the least amount of access necessary for each application. It confines applications in such a way that they cannot access other parts of the system. Applications need not be modified to be protected under AppArmor, and the performance hit should be small. AppArmor uses the Linux Security Modules, or LSM, interface into the kernel. This avoids having to patch the Linux kernel, something that is not always possible, and which can be problematic at large corporations.
At least in theory, AppArmor forms a good competitor to SELinux, and through its simpler setup, could overtake SELinux some day.

–Eric Foster-Johnson