Guide to the Linux security toolbox

Linux security software and tools are always changing. Learn which ones to use for your open source system and how to configure them according to your needs in this newly updated guide.

This Linux Security guide provides resources and tips for four of the most popular Linux security tools: SELinux; Yellowdog Updater, Modified (YUM); AppArmor; and Snort.

SELinux is an operating system developed in coordination with the National Security Agency (NSA). Its main security feature is Mandatory Access Control (MAC), a framework created for government purposes to enforce rigid distinctions about who receives access to which parts of the system. This distinguishes the tool from Unix and Windows security.

The second tool in the guide, YUM, collects information for and directs Red Hat Package Manager in its installation of software upgrades. This ensures that the software on your system is current - and therefore as close to invulnerable as possible. The tool is standard on Red Hat Enterprise Linux, CentOS and Fedora operating systems, and functions well with any RPM-based distribution. One of its several advantages over tools like YaST is its ability to upgrade to newer architectures of the same software.

AppArmor and SELinux are arguably each other's closest competitors. AppArmor is a security framework rather than an operating system with built-in controls. Originally a kernel patch, it is now a full-fledged tool which checks incoming activity against standardized profiles and denies access to visitors exhibiting suspicious behavior. "AppArmor provides more coarse controls than SELinux, but is much easier to use - and especially to customize - which lends it to a wider audience," one system administrator said. He added, "AppArmor also allows administrators to wrap a single application without modifying the rest of the system, meaning an administrator may choose to use it only on applications which are open to the network."

Snort's niche is intrusion detection and prevention. It uses methods of access regulation similar to those in AppArmor and SELinux, but it is also capable of compiling information about potential intrusions into log packets and returning the information to administrators. "Snort is the premier open source IDS solution and a solution that rivals many commercial products. The upcoming Snort 3.0 release, which features a significant re-architecture and performance enhancement, will only solidify its place in the market," SearchEnterpriseLinux security expert James Turnbull said.

The Linux security tools and guidance included below will help newbies and veterans to maintain a safe and productive Linux enterprise environment. Enjoy!








SELinux, the only Linux security tool developed in collaboration with the National Security Agency (NSA), is renowned for its top-level performance. Learn how to secure networks, manage policies and troubleshoot security issues in the links below with SELinux.

When to use SELinux: An introduction to security-enhanced Linux
In this tip on the basics of SELinux, find out what this Linux security system is, its competition, and best practices for implementing the system.

LinuxWorld preview: IBM engineer touts SELinux
SELinux has made strides in protecting systems from intrusion by unauthorized access but its lack of user-friendliness remains a weakness.

Secure networks with SELinux
Learn how SELinux can protect Linux servers at the system level with security management commands and utilities in this sample chapter.

Using SETools to manage SELinux policies
SETools can help SELinux administrators with the daunting task of writing, managing and reporting on policies with the help of tools such as apol, sediff, seaudit and sechecker.

SELinux in RHEL 5: More enhanced, more security
SELinux enhancements in Red Hat Enterprise Linux 5, such as the added security of SELinux Troubleshooter and the multi-level security integration, are welcome changes.

Solaris 10 Trusted Extensions vs. SELinux
Solaris 10 Trusted Extensions and SELinux are best suited to different system requirements and administrator skill sets. Our security expert explains the distinction and recommends when to implement each.

Bastille or SELinux?
If you had to choose between Bastille and SELinux, consider what you really need from a security program. A Linux expert explains the tradeoffs and benefits of each based on factors such as monitoring, ease of maintenance and range of coverage.

Five ways SELinux may surprise you
In the column that follows, author and SELinux expert Frank Mayer will walk you through five of the ways that this venerable Linux security technology may surprise you.


Additional SELinux resources:

SELinux repository
Red Hat recently moved its source code repository for SELinux from SourceForge to Tresys. Find a link to the new space on a blog hosted by Red Hat.

SELinux repository hosted and managed by Tresys
This article offers fuller detail on the transfer of the SELinux repository to Tresys.

Dan Walsh's Journal
Find the latest on SELinux on the blog of Red Hat Principal Software Engineer Dan Walsh.




Keep your system running with the most up-to-date software versions available with Yellowdog Updater, Modified (YUM). The tool, an aid to Red Hat Package Manager, calculates system dependencies and performs installations to resolve them.

This section details how to make best use of YUM. If you are already familiar with YUM, you will also find tips for tweaking it for optimal performance and to perform security-specific updates.

Configuring YUM on Linux
Learn how to configure YUM on Linux by using the main configuration file, yum.conf, and learn some of the key YUM commands in this tip.

Using YUM to upgrade a system around the kernel
Excluding the Linux kernel in a YUM upgrade can be done. Learn how from our expert, who also tells you why it might not be the best idea.

Using YUM in RHEL5 for RPM systems
An expert discusses using YUM in Red Hat Enterprise Linux 5 for updating, installing, removing and maintaining RPM packages.


More on YUM:

Basics of YUM
Check out this overview of and set of how-tos for basic tasks with YUM.

Tips and tricks: yum-security
A feature in Red Hat Enterprise Linux 5.1 allows YUM to only perform security-specific update information retrieval. Learn about it here.

Yum automatic config file CGI redirector
Introduction to Yum automatic config file CGI redirector, a tool which automatically sends files to the appropriate YUM archive.

More YUM tips and tricks
Enjoy these twelve tips and tricks for improving the performance of YUM. Learn how to correctly deal with repositories, caches and dependencies.

PackageKit is much like YUM, but aims to give open source package management an added edge over Macintosh and Microsoft.



AppArmor and SELinux have long been close competitors in the intrusion detection and prevention field. AppArmor is great for usability, while SELinux offers superior protection. AppArmor beat out SELinux for a 2008 BOSSIE award, and SELinux has been turning out features such as setroubleshooter to improve user-friendliness. These resources will help you to figure out if and how the popular tool AppArmor can enhance your system's security.

Using AppArmor on Red Hat
A user wonders whether it is possible to use AppArmor in the place of SELinux on Red Hat Enterprise Linux 4 and learns about both security tools.

AppArmor vs. SELinux
An expert says that, yes, AppArmor does offer equivalent security to SELinux.

Security face-off: Red Hat's SELinux vs. SUSE AppArmor, others
SUSE is hoping AppArmor will be an attractive alternative to Red Hat's SELinux. Ken Milberg evaluates AppArmor alongside several distributions' SELinux deployments.

SELinux now enabled in AppArmor's openSUSE
OpenSUSE 11.1 offers basic enablement with SELinux, saving time lost in configuration when implementing earlier versions with SELinux. Learn more about the change and about openSUSE build service, a new community development tool, here.


More on AppArmor:

Go ahead, make my day
The creator of AppArmor, who recently accepted a lead security engineering position with Microsoft, responds to a blog whose author argues that the tool is no longer a Linux security leader.

AppArmor: security according to Novell
This link provides an analysis of open source security and then narrows in on best practices for using AppArmor.

Watch AppArmor author Crispin Cowan talk about profiles, policies, interoperability and other aspects of using the tool.




Snort's official catchphrase is "the de facto standard in intrusion detection and prevention." The information below lines the tool up alongside its competitors, analyzes how well it will serve your particular system and details how to enhance the tool's performance.

Best practices for purchasing an intrusion detection device
In this Q&A, security management expert Mike Rothman offers guidelines for buying -- and recommends Snort as -- an ideal intrusion detection (IDS) device for protecting your system.

Intrusion detection with Snort on Red Hat Enterprise Linux 5
Snort is a popular open source IDS. Learn how to install this security tool and configure it with MySQL on Red Hat Enterprise Linux 5.

Improving Snort performance with Barnyard
Increasing the speed and efficiency of intrusion-detection system application Snort means reduced false positives and more focus on actual threats. You can achieve this with Barnyard.

Alert vs. log in the Snort /var/log/snort directory
A Linux security expert explains that the difference between the Snort alert and log logs in the Snort /var/log/snort directory is based on how rules are written.

Snort Log retention
Best practices for retention of Snort logs may hinge on external requirements like Sarbanes-Oxley. Learn when it's OK to delete logs and when to hang on to them.

Does Snort support target-based intrusion detection?
A Trusted Computer Solutions security tool helps protect Linux servers from attack. The tool was featured at the 2008 LinuxWorld show.


More Snort stories and resources:

Snort: Open Source Network Intrusion Prevention
This article provides an introduction to Snort -- its strengths, weaknesses and approach to security threats.

Snort on MySQL
Learn how to configure Snort to store log packets on a remote MySQL server.

Starting out with Snort
This excerpt from the latest Snort Users Manual documents the basics of how to write Snort rules.

Writing complex Snort rules
This blog post uses the above manual as a resource in writing advanced Snort rules.

Security Sauce: Snort 3.0
In this blog post, the founder of Sourcefire outlines the most recent changes to Snort 3.0.


If we didn't cover what you were looking for, contact Leah Rosin, Site Editor, at
