On Sat, 22 Sep 2007, Douglas A. Tutty wrote:
> Hello all,
>
> I'm running OBSD on my older boxes but still Debian on my big box (not
> ready yet).
>
> Linux has SELinux in its 2.6 kernel and debian has gone ahead and
> compiled SELinux into the libraries, although the SELinux policies
> aren't ready on debian yet. The whole focus seems to be to make Linux
> "more secure". I'm not sure what to make of it. I figure that if you
> want secure, you switch to OBSD.
>
> Could someone who knows both the details of OBSDs security enhancements
> and the details of SELinux comment?
>
OBSD is UNIX, .. SELinux is Linux. If you want a secure, efficient,
compact OS done by folks you can trust and actually talk to, use OBSD; if
you want 'fairly secure Linux' [which has had thousands of hand in it
including NSA, as mentioned previousy], use OpenSUSE with ***AppArmor***.
Simple and easy to implement, even by less senior Admins.
SELinux is **NOT** ready for primetime, unless it's changed tremenduously
in the past couple of years. Last time we tried it, management was totally
arcane and the machines would lock up on a regular (monthly) basis. It
wasn't worth the time to troubleshoot so we went with AppArmor for that
application.
Lee
================================================
Leland V. Lammert [EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
================================================
