[ubuntu-hardened] Re: grsecurity vs vsecurity vs breezy
jeff.schroeder2 at us.army.mil
jeff.schroeder2 at us.army.mil
Sun Oct 16 23:28:18 CDT 2005
Not that much longer, and a new version of
vsecurity will come out that encompasses the
functionality of cap_over. That means that you
will be able to remove suid root from many system
binaries with a simple policy file. Unlike
SELinux policy files, cap_over is a bit more
admin friendly.
A few links:
http://wiki.tuxedo-es.org/VSecurityDocumentation
http://wiki.tuxedo-es.org/Capability_Policy_Writing_Tutorial
http://wiki.tuxedo-es.org/Example-policy.conf
vSecurity is designed to take the best from several
projects like grsecurity, openwall, and cap_over and
combine them into a "drop in" security solution.
Grsecurity is much more intrusive than vSecurity by
design and requires more work from the admin. Just
my 2 cents.
jeff schroeder
More information about the ubuntu-hardened
mailing list