Vendors move to strengthen their Linux platforms

Whether you believe the rash of recent studies showing how safe/vulnerable the Linux operating system is to attack, what’s important are the steps Linux vendors are taking to bolster and harden their software.

As reported recently, leading Linux distributors Red Hat and Novell, with its SuSE Linux operating system, are making a major security push with their respective products. Both vendors have introduced features in their Linux distributions that help to partition applications from each other and the core operating system. This can help prevent attacks such as buffer overflows, which take advantage of flaws in one application to affect other applications, or the core operating system itself.

Both vendors are using tools from the public domain, as well as software acquired from other vendors. The cornerstone of Red Hat’s security effort is the tight integration of SELinux modifications into its own software. SELinux was developed by the National Security Agency, not to eavesdrop on unsuspecting citizens, but to ensure separation of processes and system files on a Linux platform. (OK, maybe the NSA does use SELinux servers to spy on you and me, but that’s another issue.)

Novell’s SuSE can also be configured to operate as an SELinux server, but the vendor recently acquired its own technology to secure its software. Novell’s AppArmor, which it bought from Linux start-up Immunix, does similar partitioning and security tasks as SELinux. Novell had offered AppArmor as an add-on, but said earlier this month that it will be rolled into its main SuSE distribution. (It also offered up AppArmor source code to the community, which is good for everyone.)

So what tools do you use to secure your Linux servers? Let me know, and you could be entered to win a free, guaranteed one-week break from being spied on by the NSA.*

(*Offer is silly and not valid anywhere.)