Linux安全相关技术:
- Audit
- SELinux
- AppArmor
- OpenSSL
- TPM
- SGX
- LSM
Linux上六种常用的安全加固技术:
1、安全的编码(Secure Code),减少编写的错误。
2、应用层漏洞缓解技术(Application-level exploitation)(SSP,relro)
3、系统级漏洞缓解技术(System-level exploit mitigation)(ASLR,NX),
4、降权处理(Privilege Dropping)(Sandboxing)
5、强制访问控制(Mandatory access control)(MAC,SELinux)
6、更新策略(Update strategy)
|
feature |
SELinux |
AppArmor |
grsecurity |
|
Automated |
No (audit2allow and system-config-selinux) |
Yes (Yast wizard) |
Yes (auto traning / gradm) |
|
Powerful policy setup |
Yes (very complex) |
Yes |
Yes |
|
Default and recommended integration |
CentOS / RedHat / Debian |
Suse / OpenSuse |
Any Linux distribution |
|
Training and vendor support |
Yes (Redhat) |
Yes (Novell) |
No (community forum and lists) |
|
Recommend for |
Advanced user |
New / advanced user |
New users |
|
Feature |
Pathname based system does not require labelling or relabelling filesystem |
Attaches labels to all files, processes and objects |
A |
管理员
这个人太懒什么东西都没留下