
BLU Discuss list archive



[Discuss] What do typical Linux users do WRT protecting their systems from malware



On Wed, 2011-07-20 at 19:28 -0400, MBR wrote:
> My question is, what do typical Linux users do WRT protecting their 
> systems from malware?

A few of my public-facing Linux systems have been compromised over the
years, usually through old versions of server software. However, none of
my SELinux-protected systems have been compromised to date.

SELinux uses system policy and the security context of various resources
(processes, sockets, files) to determine if a particular kernel action
should be permitted. Thus, if an attacker can subvert (say) Apache to do
something that it should not do, and that action does not fit with what
Apache should be doing (according to system policy), then the action
will be denied (e.g., denied access to a file will result in the kernel
telling the application that the file does not exist). SELinux is not
widely used for user applications, but it can be (e.g., sandbox).

Of course, there's a whole arsenal of other security tools available:
snort, tripwire, rkhunter, ...

-Chris
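The mechanism Chris describes (policy decides, per source domain and target type, which kernel actions a process may perform, and the rest are denied) leaves a record of each denial in the audit log as an AVC message. The following is an added example, not part of Chris's post or the BLU archive, showing how a practitioner would read those records: it parses a few constructed AVC lines in the format written to /var/log/audit/audit.log, groups denials by (source domain, target type, object class), builds the type-enforcement `allow` rule that would silence each one (the same shape audit2allow emits, intended for review rather than blind application), and flags two things worth a second look: denials logged in permissive mode (which would have been blocked under enforcing) and a web server domain trying to execute a file out of a world-writable temporary directory. The sample log lines, the domain and type names, and the "suspicious" heuristic are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records (not captured from any real system) in the format the
# kernel writes to /var/log/audit/audit.log. The USER_LOGIN line is there to show
# that non-AVC records are skipped.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1311200000.123:456): avc:  denied  { read open } for  pid=1234 comm="httpd" path="/home/alice/secret.txt" dev="sda1" ino=9876 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=USER_LOGIN msg=audit(1311200002.000:457): pid=2000 uid=0 auid=1000 ses=3 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=success'
type=AVC msg=audit(1311200005.001:458): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1311200009.500:459): avc:  denied  { execute } for  pid=1240 comm="httpd" path="/tmp/.x/backdoor" dev="sda1" ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file permissive=1
"""

# Header of an AVC record: timestamp:serial, decision, the braced permission set,
# then a tail of key=value fields that varies by object class.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<decision>denied|granted)\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)$'
)
# key=value pairs; values are either double-quoted (path, comm) or bare tokens.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Target types a confined service should normally never be executing code from.
# This list is an illustrative heuristic, not a policy definition.
WRITABLE_TMP_TYPES = {"tmp_t", "var_tmp_t", "user_tmp_t"}


def parse_avc(line):
    """Parse one audit line; return a dict for AVC records, None for anything else."""
    m = AVC_RE.match(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec = {
        "ts": float(m.group("ts")),
        "serial": int(m.group("serial")),
        "decision": m.group("decision"),
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "path": fields.get("path"),
        "scontext": fields.get("scontext", ""),
        "tcontext": fields.get("tcontext", ""),
        "tclass": fields.get("tclass"),
        # permissive=1 means the action was logged but NOT blocked.
        "permissive": fields.get("permissive") == "1",
    }
    # A context is user:role:type[:level]; the type (third field) is what TE rules key on.
    rec["sdomain"] = rec["scontext"].split(":")[2] if rec["scontext"].count(":") >= 2 else None
    rec["ttype"] = rec["tcontext"].split(":")[2] if rec["tcontext"].count(":") >= 2 else None
    return rec


def candidate_rule(rec):
    """Type-enforcement rule that would permit this exact access. Review it before
    adding it to a local module: if httpd_t needs to read user_home_t, the right
    fix is usually relabeling the content, not widening the web server's domain."""
    return "allow %s %s:%s { %s };" % (
        rec["sdomain"], rec["ttype"], rec["tclass"], " ".join(rec["perms"]))


def summarize(log_text):
    """Group denials and flag the ones an operator should look at first."""
    denials = defaultdict(set)   # (sdomain, ttype, tclass) -> set of permissions
    permissive_hits = []         # would have been blocked under enforcing mode
    suspicious = []              # execute from a writable temp type
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["decision"] != "denied":
            continue
        denials[(rec["sdomain"], rec["ttype"], rec["tclass"])].update(rec["perms"])
        if rec["permissive"]:
            permissive_hits.append(rec)
        if "execute" in rec["perms"] and rec["ttype"] in WRITABLE_TMP_TYPES:
            suspicious.append(rec)
    return {"denials": dict(denials), "permissive": permissive_hits, "suspicious": suspicious}


if __name__ == "__main__":
    report = summarize(SAMPLE_AUDIT_LOG)
    for (sdom, ttype, tclass), perms in sorted(report["denials"].items()):
        print("%s -> %s (%s): %s" % (sdom, ttype, tclass, " ".join(sorted(perms))))
        print("  candidate rule: allow %s %s:%s { %s };" % (sdom, ttype, tclass, " ".join(sorted(perms))))
    for rec in report["permissive"]:
        print("PERMISSIVE (not blocked): %s %s %s" % (rec["comm"], rec["perms"], rec["path"]))
    for rec in report["suspicious"]:
        print("SUSPICIOUS: %s tried to execute %s (type %s)" % (rec["comm"], rec["path"], rec["ttype"]))
```

Two of the three denials above are what a well-behaved confined Apache looks like when an attacker (or a misconfiguration) pushes it outside its policy: reading a home directory and opening a database port are both things policy withholds from httpd_t by default (the port case is governed by a boolean, httpd_can_network_connect_db, rather than a hand-written rule). The third, execute on a file under /tmp, is the one worth treating as an incident rather than a policy bug, and the permissive=1 flag on it is a reminder that a host running in permissive mode only logs that event instead of stopping it.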




