Sunday, January 23, 2011

SELinux vs. AppArmor vs. grsecurity

I have to set up a server that should be as secure as possible. Which security enhancement would you use and why, SELinux, AppArmor or grsecurity? Can you give me some tips, hints, pros/cons for those three?

AFAIK:

  • SELinux: most powerful but most complex
  • AppArmor: simpler configuration / management than SELinux
  • grsecurity: simple configuration due to auto training, more features than just access control
  • Personally, I would use SELinux because I would end up targeting some flavor of RHEL which has this set up out of the box for the most part. There is also a responsive set of maintainers at Red Hat and a lot of very good documentation out there about configuring SELinux. Useful links below.

    Rook : yeah but yum and selinux are so damn annoying.
    Ophidian : I find yum's CLI significantly more intuitive than apt. SELinux is annoying when you're trying to go your own way with non-stock apps, but I've never had issues with the stock stuff beyond needing to turn on some sebools to enable non-default functionality (e.g. let httpd PHP scripts connect to the database).
    From Ophidian
  • A "server" to provide what kind of service? To what audience, in what environment? What constitutes "secure" to you in this context? Lots more information would be necessary to provide a useful answer. For instance, a pure IP Time-of-Day server can be very secure -- all ROM firmware, radio input, self-contained battery power with automatic charging. But that's probably not a useful answer for you.

    So, what kind of service? Internet wide, enterprise wide, trusted work team, dedicated point-to-point networking, etc.? Is high availability a need? Reliability? Data Integrity? Access control? Give us some more information about what you want, and recognize that "secure" is a word whose meaning has many dimensions.

    From mpez0
  • I have done a lot of research in this area. I have even exploited AppArmor's rulesets for MySQL. AppArmor is the weakest form of process separation. The property that I'm exploiting is that all processes have write privileges to some of the same directories such as /tmp/. What's nice about AppArmor is that it breaks some exploits without getting in the user's/administrator's way. However, AppArmor has some fundamental flaws that aren't going to be fixed any time soon.

    SELinux is very secure, it's also very annoying. Unlike AppArmor, most legitimate applications will not run until SELinux has been reconfigured. Most often this results in the administrator misconfiguring SELinux or disabling it altogether.

    grsecurity is a very large package of tools. The one I like the most is grsecurity's enhanced chroot. This is even more secure than SELinux, although it takes some skill and some time to set up a chroot jail, whereas SELinux and AppArmor "just work".

    There is a 4th system, a Virtual Machine. Vulnerabilities have been found in VM environments that can allow an attacker to "break out". However, a VM has an even greater separation than a chroot because in a VM you are sharing fewer resources between processes. The resources available to a VM are virtual, and can have little or no overlap between other VMs. This also relates to <buzzword> "cloud computing" </buzzword>. In a cloud environment you could have a very clean separation between your database and web application, which is important for security. It may also be possible that 1 exploit could own the entire cloud and all VMs running on it.

    From Rook
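
An audit sketch for the property Rook's answer describes, write access to shared directories such as /tmp/ (added example, not part of the original post and not an AppArmor tool): it lists the file rules in a profile that allow writing below a shared directory and notes whether each is limited by the `owner` qualifier. The shared-directory list, the sample profile and the function name are assumptions of this example; only path-first file rules and un-nested profiles are handled.

```python
import re

# Directories that local processes can normally all write to (example assumption).
SHARED_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Path-first file rule: [audit] [deny] [owner] <path> <perms>,
RULE = re.compile(r"^\s*(?:audit\s+)?(?P<deny>deny\s+)?(?P<owner>owner\s+)?"
                  r"(?P<path>/\S*)\s+(?P<perms>[a-zA-Z]+)\s*,")
# Profile header: [profile] <name> ... {
HEADER = re.compile(r"^\s*(?:profile\s+)?(?P<name>\S+)[^{]*\{\s*$")


def shared_write_rules(profile_text):
    """Return (profile, path, perms, owner_only) for every allow rule that
    grants write or append access below one of SHARED_DIRS."""
    findings, current = [], None
    for raw in profile_text.splitlines():
        line = raw.split("#", 1)[0]  # drop comments and #include lines
        header = HEADER.match(line)
        if header:
            current = header.group("name")
            continue
        if line.strip() == "}":
            current = None
            continue
        rule = RULE.match(line)
        if not rule or rule.group("deny"):
            continue  # not a file rule, or a deny rule
        path, perms = rule.group("path"), rule.group("perms")
        covers_shared = path == "/**" or path.startswith(SHARED_DIRS)
        if covers_shared and ("w" in perms or "a" in perms):
            findings.append((current, path, perms, bool(rule.group("owner"))))
    return findings


# Constructed sample profile, not taken from any distribution.
SAMPLE = """\
/usr/sbin/mysqld {
  #include <abstractions/base>
  /etc/mysql/** r,
  /var/lib/mysql/** rwk,
  /tmp/** rw,
  owner /var/tmp/mysql-*/ rw,
  deny /dev/shm/** w,
  /run/mysqld/mysqld.sock w,
}
"""

if __name__ == "__main__":
    for profile, path, perms, owner_only in shared_write_rules(SAMPLE):
        scope = "own files only" if owner_only else "any file the DAC mode allows"
        print(f"{profile}: {path} {perms} ({scope})")
```

Rules reported without `owner` are the ones to review first, since they let the confined process write to files in the shared directory that other processes created.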
