Re: Grsec or lids?

From: Andreas Krennmair (ak@students.htl-klu.at)
Date: 12/21/02

  • Next message: Alberto Gonzalez: "Re: Grsec or lids?"
    Date: Sat, 21 Dec 2002 00:49:52 +0100
    From: Andreas Krennmair <ak@students.htl-klu.at>
    To: security-discuss@linuxsecurity.com
    
    

    * Paulo Abrantes <pcma@mega.ist.utl.pt> [2002-12-18 21:12]:
    > Both of the patches you mention are quite good, though I prefer
    > GRSecurity. Being short and objective, is because GRSecurity
    > includes all the features that LIDS can give you, plus a couple
    > of other, quite interesting. Just to give an example, LIDS only
    > detects a portscan, though with GRsecurity you can detect it and
    > bogus the reply to make OS fingerprint more difficult (I won't
    > say impossible).

    Bah, this is only security by obscurity. Spoofing fingerprints doesn't
    make the system more secure.

    If the original poster is interested in serious security, I'd suggest to
    have a look at systrace for Linux:
    http://www.citi.umich.edu/u/provos/systrace/linux.html

    It's simple, it's effective, and you have to think about security
    policies. Without security policies "security" doesn't exist.

    A while ago, I added privilege elevation to systrace for Linux, but it
    is based on an old patch with less features (i.e. it doesn't have
    argument rewriting): http://synflood.at/systrace/

    Regards,
    Andreas Krennmair

    -- 
    Andreas Krennmair <ak@students.htl-klu.at>
    ------------------------------------------------------------------------
         To unsubscribe email security-discuss-request@linuxsecurity.com
             with "unsubscribe" in the subject of the message.