I'm going to top post, you'll have to deal :) I think that the three come down to what are your goals. One of the goals of SELinux is to make it so that it can be configured to the point of not having a root user. Basically so the IT guy can't read the president's e-mail. This is very cool if you need that level of security -- but I'm guessing you're not sending nuclear launch codes (or at least I hope not). The problem comes down to, with flexibility and power you definitely have enough rope to shoot yourself in the foot. I've talked with the folks implementing AppArmor in Ubuntu a lot about this, and one of the problems that we saw is that almost any Fedora HOWTO on the Internet starts with "disable SELinux." I'm not sure how many Fedora systems have it running and how many don't, but I'm guessing that a fair number don't because of this. Not good. One of the things that AppArmor does (which isn't as restrictive) is do more wild cards and different configurations that get evaluated at runtime. It is more dynamic that SELinux. This makes it easier to configure but also less robust in really well defined locked down environments. I think an interesting example of using AppArmor is the new guest account feature in Intrepid. We basically dynamicly create an account and lock it down with AppArmor to make sure that the guest can't do anything crazy. All in all, unless you're a spy agency I would say that having someone configuring the computer who understands security and configuring a computer to be secure matters more than any of the technologies you choose. --Ted On Fri, 2008-10-31 at 16:19 -0700, Alan Dayley wrote: > Thanks for all the responses to my remote desktop login question. I'm > pretty sure we will deploy FreeNX for that function. > > This question has to do with the same server. A tech savvy manager > says we should use "NSA Linux" on the remote desktop host server. > What he means is use the SELinux security features. > > Now, I don't have lots of experience with setup and maintainence of > SELinux. I hAve read that it is painful and requires more > administration than just "set and forget." > > A similar technology is the AppArmor profiles for applications. Said > to be easier to use than SELinux but provides much the same benefits. > > Then a third camp seems to think that both of these are overkill and a > headache for the benefits gained. They feel that, configured > correctly, standard user security on a Linux box is secure enough for > most business applications. > > Where do any of you stand on this argument? Is SELinux really a pain > to setup and use? Is AppArmor interesting but not worth it? > > Given the function of the server as I previously described in that > other thread (http://lists.plug.phoenix.az.us/lurker/thread/20081030.230820.05346d48.en.html#20081030.230820.05346d48), > What security extensions would you deploy and why? > > Alan > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss