Linux.com

Search

Special Offers

Get special offers on:

Linux
Application Dev
Programming
Software

Email:

Feature

Special Report: Linux security

By Joe 'Zonker' Brockmeier on December 04, 2006 (8:00:00 AM)

Share    Print    Comments   

Compared to some operating systems, Linux has had a very good security track record -- but it's not perfect, and there's always room for improvement. This week, we'll look at tools for users and admins to lock down their systems, and talk to some of the distribution vendors about how they deal with security updates.

We're kicking off the security series with Bruce Byfield's look at Bastille, which is at the intersection of security software and education. This is a good place to start, because real security requires software that is not only free of known vulnerabilities, but also configured by someone who understands security and what makes a system vulnerable.

We already know that almost any package may have one or two vulnerabilities; the questions are whether the vulnerabilities will be discovered, and how the vulnerabilities can be exploited. On a well-configured system, a vulnerability may be rendered harmless or at least mitigated if the system has been set up correctly.

Once a vulnerability is discovered, can a vendor get a patch pushed out to users quickly enough to keep them safe from malware? Later this week, Mayank Sharma will report on the security teams from major vendors and some of the processes and procedures they use to stay on top of vulnerabilities.

We'll also look at SELinux and AppArmor, and have interviews with Linux security experts.

This is Linux.com's third special report, following our look at Exchange replacements in September, and the finance software report from November. Thanks for all the feedback so far. We're still looking for comments, as well as suggestions for topics you'd like to see us cover. If you have a suggestion for another topic that deserves a series, please let us know. Thanks for reading, and we look forward to your comments.

Share    Print    Comments   

Related Links

Last 5 articles by this author:

Sponsored links:

Comments

on Special Report: Linux security

Note: Comments are owned by the poster. We are not responsible for their content.

OpenBSD

Posted by: Anonymous Coward on December 05, 2006 09:28 AM
When it comes to security, OpenBSD is the shit!
* <a href="http://www.openbsd.org/" title="openbsd.org">http://www.openbsd.org/</a openbsd.org>
* <a href="http://en.wikipedia.org/wiki/OpenBSD" title="wikipedia.org">http://en.wikipedia.org/wiki/OpenBSD</a wikipedia.org>

#

thanks for the warning

Posted by: Anonymous Coward on December 06, 2006 04:04 AM
I avoid shitty operating systems, so thanks for the heads-up.

#

Security

Posted by: Anonymous Coward on December 05, 2006 09:31 AM
God bless iptables!

All daemons should run in an own space where it cant harm anything if its gets compromised. Maybe all services too. Maybe they should be locked into a chjail or run from a restricted account or run inside a sandbox or something or some sort of virtualization.

Just because one daemon is vulnerable, it shouldn't make the whole computer vulnerable. Apache needs access htdocs, the log folder, the conf folder, nothing more!
MySQL only needs access the database, nothing more!
FTP server, only needs access the FTP directory, it doesn't need access the whole filesystem.

#

grsecurity

Posted by: Anonymous Coward on December 05, 2006 09:32 AM
Don't forget the grsecurity kernel-patch.
* <a href="http://www.grsecurity.org/" title="grsecurity.org">http://www.grsecurity.org/</a grsecurity.org>
* <a href="http://en.wikipedia.org/wiki/Grsecurity" title="wikipedia.org">http://en.wikipedia.org/wiki/Grsecurity</a wikipedia.org>

#

This story has been archived. Comments can no longer be posted.



 
Tableless layout Validate XHTML 1.0 Strict Validate CSS Powered by Xaraya