Skip to main content

Posts

Showing posts from February, 2015

AppArmor vs SELinux vs Grsecurity

AppArmor learns the behaviors of applications through established access controls (for monitoring and reporting) and enforces application security policies. Security-Enhanced Linux (SELinux) uses rule-based policy enforcement to restrict the functionality of users and services. Grsecurity uses Linux Security Modules to enhance security of the Linux kernel. Features AppArmor SELinux Grsecurity Allow/Deny Policy Yes Yes Yes Hierarchical Domains Yes Yes Yes Object Types Yes Yes Yes Data Types No No No Account Management No Yes Yes Service Management No Yes Yes Network Management No* Yes Yes Access Control Lists Yes Yes Yes Role-Based Access Control Yes Yes Yes Security Context No Yes No Linux Kernel Module Yes Yes Yes Language No Yes Yes Unified Configuration Yes No No Doesn't Prohibit Other Applications & Tools Yes No No No Installation No No No Few Dependencies Yes No Yes