Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Apparmor vs SElinux

  1. #1
    Join Date
    May 2019
    Beans
    7

    Apparmor vs SElinux

    Hello,

    I'm actually in front of a choice between fedora (RedHat) and Ubuntu (Canonical) for my desktop / server.
    Honnestly, I prefer APT to DNF (pacman is very good too but I'm not a particular fan of rolling releases and certainly not on servers !). But fedora (Redhat) is using SElinux (by default) why other distributions are using Apparmor.

    I've heard that SElinux is very difficult to configure/understand why apparmor is more user friendly but what about the security? Is one better than the other? Apparmor concern only application rights but does SElinux do more?

    Thanks.

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Apparmor vs SElinux

    Don't use Fedora on a freakin' server. Would you run alpha software on a server? Use CentOS or RHEL if that is the way you are headed.
    Security isn't a checkbox (Y/N). SELinux has industrial strength capabilities, but you have to know how to use them. Lots of SW installation guides for RPM-based distros begin by turning off SELinux. That isn't much use, is it?
    Apparmor has fewer capabilities, but is much more approachable so you might actually use it.

    Unix security is made up from many layers, not 1 single tool.

  3. #3
    Join Date
    May 2019
    Beans
    7

    Re: Apparmor vs SElinux

    @TheFu: It's not a production server but only a simple server for test purposes so nothing "freaky". The fact that we have to turn off SElinux to have something working is non-sense for me but it solves problems. But we're on a ubuntu forum, so I think you will advise me to use Ubuntu (or debian)? Can you give me some practical advantages in comparaison to Fedora (except the packaging tool) ?

  4. #4
    Join Date
    Feb 2010
    Location
    South of the Maple Trees
    Beans
    Hidden!
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: Apparmor vs SElinux

    Here's a doc that compares the two. https://elinux.org/images/3/39/SecureOS_nakamura.pdf

    Personally, I've toyed with Fedora, but I too prefer using APT. I have also messed around with creating AppArmor profiles. I haven't touched SELinux, though I don't have any public facing servers. I do currently have two LAN facing servers and they're both running Debian. Debian was chosen because one of the servers is 32 bit and Ubuntu no longer supports 32 bit processors.

  5. #5
    Join Date
    May 2019
    Beans
    7

    Re: Apparmor vs SElinux

    So I'll go for ubuntu or debian (for 32bits version servers). I've a big problem with that huge choice of distro ! There are few differences but there are more distros than the differences themselves and that makes GNU/Linux from my point of view a little bit unserious !

    And thanks for the comparaison doc .
    Last edited by soufianta; August 23rd, 2019 at 04:17 PM.

  6. #6
    Join Date
    Dec 2017
    Beans
    1,143

    Re: Apparmor vs SElinux


  7. #7
    Join Date
    Feb 2010
    Location
    South of the Maple Trees
    Beans
    Hidden!
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: Apparmor vs SElinux

    Quote Originally Posted by soufianta View Post
    So I'll go for ubuntu or debian (for 32bits version servers). I've a big problem with that huge choice of distro ! There are few differences but there are more distros than the differences themselves and that makes GNU/Linux from my point of view a little bit unserious !

    And thanks for the comparaison doc .
    Not sure how that makes Linux an unserious thing. Pick the distro of your liking, then build it to do what you need it to do. The different distros off different defaults, but they're just defaults.

  8. #8
    Join Date
    Feb 2010
    Location
    South of the Maple Trees
    Beans
    Hidden!
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: Apparmor vs SElinux

    Quote Originally Posted by cruzer001 View Post
    I require a GUI on that machine. Debian made it easier. I don't see a 32bit server image listed on the alternate installer list.

    Edit: I also wanted LXDE on it. Canonical only offers 3 year LTS for Lubuntu. I preferred to put something on it that won't require a reinstall during the rest of its life. I don't expect the Netbook to last longer than five to six years.
    Last edited by uRock; August 23rd, 2019 at 04:41 PM.

  9. #9
    Join Date
    Dec 2017
    Beans
    1,143

    Re: Apparmor vs SElinux

    BitTorrent list, link drops to wrong screen.

  10. #10
    Join Date
    May 2019
    Beans
    7

    Re: Apparmor vs SElinux

    You can have different options/choices of products but not a HUGE choice of the same product (GNU/LINUX) but that's only my opinion... It's like in a restaurant, if the customer has a huge choice, he will most probably try/take something he don't want and will never come back ...

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •