In this tip, SearchOpenSource.com's security expert explains how you can run AppArmor on Red Hat Enterprise Linux 4 and why bugs in programs that cause vulnerabilities on one platform may not necessarily affect another platform.
Is it possible to use Novell's AppArmor on Red Hat Enterprise Linux (RHEL) 4?
James Turnbull: AppArmor was originally only available on SUSE, but at the start of 2006 Novell open sourced the application and made it available at Novell Forge. Since then, some community development has taken place and a port of AppArmor, for RHEL 5 specifically (but also planned to be back-ported to other RHEL releases), is available. The port is currently still in development release and a production release is not yet available.
If you do use AppArmor with RHEL, you will have to ensure SELinux is disabled, as the two do not function together. The two applications, AppArmor and SELinux, perform very similar functions, and it is important to note that SELinux is the Red Hat recommended and preferred application for mandatory access controls.
How do you reset a forgotten password for openSUSE 10.2?
Turnbull: You don't need to re-install. Here, you can find a method to reset your root password. It's a little clunky but it should work. If you run into troubles, the forums available at that site should provide further information.
Are firewalls, anti-virus and anti-spyware programs really necessary for Linux? What are some products that work well with openSUSE 10.2 for the desktop?
Turnbull: "Better safe than sorry" is an extremely underrated maxim. You do need a firewall, anti-virus and anti-spyware for Linux. While the incidence of viruses and spyware on Linux is considerably smaller than on Windows-based platforms, they still can occur. Additionally, a properly configured firewall will help protect your host from attackers attempting to compromise it.
With openSUSE 10.2, you have the added advantage since Novell bundles anti-virus, firewall, anti-spyware and anti-spam packages with 10.2 -- you can see the exact applications. I recommend referring to the openSUSE documentation to see how to enable and configure these applications.
When you make an open source app that can run on Windows and Linux, does that mean that any bugs in one version will cause vulnerabilities in the other version? For example, OpenOffice's recent patch has errors in the Windows version.
Turnbull: This is a very hard question to answer as it depends on a lot of variables, like:
- the application in question and
- the nature of the vulnerability.
If the vulnerability is irrelevant to the operating system, for example an application that doesn't have appropriate access controls, then both the Linux and Windows variants may be vulnerable. But if the vulnerability relies on a particular operating system, like expecting a Windows-based kernel, then it is unlikely that the same vulnerability will impact Linux. Yet, as mentioned, this is very arbitrary.
I would always err on the side of caution and carefully investigate any discovered vulnerability to determine all the possible combinations of operating systems, versions, and circumstances in which you might be vulnerable. Many of the security companies do this for you and I would recommend starting there if the vulnerability is known and documented.
What is the difference between Advanced Intrusion Detection Environment and Tripwire?
Turnbull: AIDE and Tripwire are both File Integrity Agents (FIAs). An FIA monitors the integrity and state of the files and objects on your host. If it detects changes to those files, it then alerts the administrator that an unauthorized access or change has taken place. FIAs usually take a hash of all files to be monitored using an algorithm like MD5. The snapshot is periodically checked against the current hash of the file and any variations are alerted on.
One of the key differences between Tripwire and AIDE is their commercial status. Tripwire was originally a free, open source product and is now a commercial product. However, a free version of Tripwire (branched from the Tripwire code in 2000) is still being developed at http://sourceforge.net/projects/tripwire/. In comparison, AIDE is entirely open source and licensed via the GPL.
Whilst essentially very similar in functionality, in my opinion there does seem to be more regular development on AIDE with more features and updates being released. The open source Tripwire version was last updated in 2005.
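The snapshot-and-compare cycle of a file integrity agent described in the answer above, as an added Python example that is not part of the original column and is not AIDE's or Tripwire's own code. It hashes with SHA-256 instead of the MD5 mentioned above, also records permission bits, and runs against a constructed sample tree; `snapshot`, `compare` and `demo` are hypothetical names.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to (sha256 hex digest, permission bits)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are out of scope here
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            db[os.path.relpath(path, root)] = (digest.hexdigest(), stat.S_IMODE(st.st_mode))
    return db

def compare(baseline, current):
    """Report paths that were added, removed, or changed in content or mode."""
    report = {"added": [], "removed": [], "content": [], "mode": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        else:
            for idx, kind in enumerate(("content", "mode")):
                if baseline[path][idx] != current[path][idx]:
                    report[kind].append(path)
    return report

def demo():
    """Baseline a constructed sample tree, change it four ways, then re-check."""
    with tempfile.TemporaryDirectory() as root:
        sample = {"passwd": b"root:x:0:0\n", "sshd_config": b"PermitRootLogin no\n", "motd": b"hi\n"}
        for name, data in sample.items():
            Path(root, name).write_bytes(data)
        baseline = snapshot(root)  # a real FIA keeps this database off-host or read-only
        Path(root, "sshd_config").write_bytes(b"PermitRootLogin yes\n")  # content change
        os.chmod(Path(root, "passwd"), 0o777)                            # permission change only
        os.remove(Path(root, "motd"))                                    # deletion
        Path(root, "extra.sh").write_bytes(b"#!/bin/sh\n")               # not in the baseline
        return compare(baseline, snapshot(root))
```

Calling `demo()` returns the report dictionary; comparing permission bits separately from the digest is what catches the `passwd` change, which a content hash alone would miss.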