SUSE Linux administrators will have a choice in intrusion detection systems next year: They can use the complex, military-grade Security-Enhanced Linux, or SELinux or instead Novell Inc.'s simpler AppArmor security tool.
In response to some requests, the Waltham, Mass.-based company has decided to stop disabling SELinux within the Linux kernel, starting with the next version of OpenSUSE 11.1, which is expected in December, and SUSE Linux Enterprise 11 for servers and desktops which will follow in the first half of 2009.
But the change does not mean that Novell will back AppArmor any less. In fact, Novell will not offer support for SELinux. So users who try it are on their own, according to Holger Dyroff, Novell's vice president of product management for SUSE Linux.
"We had some demand from people who wanted to try out SELinux," Dyroff said. "But we still recommend AppArmor."
SELinux vs. AppArmor
The SELinux access controls are based on a National Security Agency-funded framework, in which IBM has played a key development role over the past seven or eight years, according to Doc Shankar, an IBM distinguished engineer. Red Hat incorporated SELinux into Red Hat Enterprise Linux 4 and 5, and Ubuntu and Gentoo are in the process of adding it now, he said.
According to Novell's Dyroff, both security tools provide the same basic function of intrusion prevention, which ensures that an intruder that gains unauthorized entry to an environment has no rights and cannot do anything except look at a file and cannot go anywhere else. These safeguards help contain the damage.
Where AppArmor and SELinux differ is that SELinux adds a framework for complex rules-based access policies, which an administrator has to create, defining who has the rights to see documents with different levels of security restrictions, Dyroff said. Once established, these access policies are automatically and absolutely enforced.
But SELinux involves clear tradeoffs in terms of ease of use. The problem is that SELinux is built on such a complex architecture that it is difficult to use or configure without a doctorate in mathematics, Dyroff said. Once a user begins customizing an SELinux install, the structure of the underlying framework becomes even more obscure, he added.
In contrast, AppArmor simply builds a firewall around an application and defines which files can be read, written or executed in a straightforward manner; it's easy for anyone who understands file system rules to administer, Dyroff said. Further, AppArmor offers sufficient protection for nearly all businesses, he said. Only the U.S. military needs the extra access controls that SELinux provides.
Can SELinux beyond the early adopters?
Daniel Walsh, an SELinux engineer with Red Hat, said that SELinux is complicated for administrators to understand because it adds a third, unfamiliar step to the customary verification process for permitting access to the operating system. In addition to checking ownership and permissions, administrators also must check SELinux' identifying labels attached to all processes, files and obects in the operating system and access can be denied if the labels are not correct, he said.
But Walsh predicted that over time, as administrators get used to SELinux, its controls will be activated more and more (instead of being turned off).
SELinux's complexity was an important theme at the recent LinuxWorld Conference & Expo this summer, with Shankar and other security speakers agreeing that if SELinux is to move beyond early adoption, the tool needs to become easier to use.
But even if SELinux does become more user-friendly, its access controls don't automatically confer security on an operating system or application, they said. The reason: applications are shipped with all the settings at the broadest range to avoid crashing upon install and, therefore, do not provide airtight access protection until administrators create access control policies.
Meanwhile, Novell's quest for the perfect Linux security tool continues. Even as it has restored SELinux functionality to SUSE's Linux kernel, Novell has added controls for network devices to AppArmor and exploring other security solutions with a simpler architecture than SELinux, Dyroff said. The effort isn't intensive, however, because there isn't enough demand, he added.