* Crispin Cowan (crispin@private) wrote: > mohd fayzal wrote: > > > i'm a final year student in a quest to find an interesting yet do-able > > final year project, one area i like to dive into is understanding the > > inner working of kernels, therefore i thought abt comparing various > > linux distro's in particular its security, so i'm gonna do a > > comparison between bastille, engarde, and SE linux. Now my question is > > ... does lsm really is the base modulle for all these distro's. LSM is only one piece of the security picture. It _is_ the basis for things like LIDS, SubDomain, and SELInux. These are kernel modules that provide enhanced access control models. > Misconceptions galore: > > * Bastille is a security-enhancing package that you add to distros, > and not a distro itself. > * EnGarde is a distro, but contains no original security features. > It is mainly LIDS with a web GUI. LIDS, in turn, was originally a > kernel patch, and now has an LSM version. > * SELinux is not a distro either. It was originally a kernel patch, > and is now an LSM module, and associated user-level tools. > > Secure distros would be EnGarde (uses LIDS, may or may not be on the LSM > version), Immunix (uses LSM for the SubDomain feature), and Trusted > Debian (does not use LSM, it uses RSBAC instead). There are also Debian packages for SELinux, Fedora Core is integrating SELinux, and same for Hardened Gentoo. In addition, there are more distros which do not use LSM, e.g. Trustix and Openwall (sorry to put those in same context). thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
This archive was generated by hypermail 2b30 : Thu Feb 19 2004 - 09:15:47 PST