Re: Grsec or lids?

From: Andreas Krennmair (ak@students.htl-klu.at)
Date: 12/21/02

    Date: Sat, 21 Dec 2002 01:38:43 +0100
    From: Andreas Krennmair <ak@students.htl-klu.at>
    To: security-discuss@linuxsecurity.com
    
    

    * Paulo Abrantes <pcma@mega.ist.utl.pt> [2002-12-21 01:12]:
    > On Sat, 21 Dec 2002 00:49:52 +0100
    > Andreas Krennmair <ak@students.htl-klu.at> wrote:
    >
    > > * Paulo Abrantes <pcma@mega.ist.utl.pt> [2002-12-18 21:12]:
    > > > Both of the patches you mention are quite good, though I prefer
    > > > GRSecurity. Being short and objective, is because GRSecurity
    > > > includes all the features that LIDS can give you, plus a couple
    > > > of other, quite interesting. Just to give an example, LIDS only
    > > > detects a portscan, though with GRsecurity you can detect it and
    > > > bogus the reply to make OS fingerprint more difficult (I won't
    > > > say impossible).
    > >
    > > Bah, this is only security by obscurity. Spoofing fingerprints doesn't
    > > make the system more secure.
    > >
    >
    > Security by obscurity doesn't make your system more secure, though
    > in this case, this feature makes your life easier to prevent worms
    > and kiddies hits on you when they're scanning through OS fingerprints.

    Kiddies don't care about OS fingerprints. When their exploit works, then
    great (for them), else they move on to the next host.

    > Still I just pointed this feature as a plus of GRsecurity, though,
    > that's not the unique one, if you don't know the program I suggest
    > you, not to criticise. GRsecurity also implements features as system
    > tracing, user activity logging, user restriction highly configurable,
    > which will probably come in handy when implementing a shell server.

    I know what the grsec-patch is, but still I can't see any advantage to
    systrace, because all of these features can't be implemented with it,
    with the advantage that you can not only do this on Linux, but also on
    OpenBSD, NetBSD and Mac OS X.

    Regards,

    -- 
    Andreas Krennmair <ak@students.htl-klu.at>