[ale] IBM is buying Redhat!

Jim Kinney jim.kinney at gmail.com
Mon Oct 29 10:51:26 EDT 2018


AppArmour is the Debian tool. It similar to selinux in that it hardens
application processes to accessing only the sockets and files they need
to function (blocking 0-day privilege escalations). It does NOT support
anything like MLS (multi-level security) or MGS (Multi-Group Security)
that enforces user, group, process, file, and application communication
based on defined relationships and enforced access control and logging
of all access and data movement.
On Mon, 2018-10-29 at 10:40 -0400, Simba via Ale wrote:
> That's been true for years but I think it's less so these days.
> Debianhas a lot of support in the commercial sector. Like I said it's
> gotsomething similar to SELinux but I don't recall, someone in
> #debian onfreenode explained it to me like a year ago.
> Personally, I really dislike when someone in the commercial
> sectorbelieves they have to use RHEL because it's "the secure one",
> and I tryto encourage them to use Debian instead, because the stable
> branch isplenty secure.
> of course I realize I'm saying this right after a vulnerability
> wasspotted in SystemD but it's been patched at the source and i'm
> confidenta fix will be coming down the pipe soon.
> https://security-tracker.debian.org/tracker/CVE-2018-15688
> We could argue forever over which distro is most secure.. who's got
> thetime.
> 
> Simba Lion - https://tailpuff.nethttps://keybase.io/simbalion
> "Why is a raven like a writing desk?"On 10/29/18 10:26 AM, James
> Taylor via Ale wrote:
> Just an added note about meeting DoD requirements.SUSE and redHat
> spend a lot of time upfront baking DoD securityspecifications into
> each of their releases before they are allowed outthe
> door.Government, and most commercial customers care about that. I
> don’t always use commercial versions of linux for customer
> solutions,but when I'm working with clients in to regulated spaces,
> that doesn’tfly far.-jt 
> On Oct 29, 2018, at 9:33 AM, Beddingfield, Allen via Ale <ale at ale.org
> <mailto:ale at ale.org>> wrote:
> Oh, and I forgot to mention:  Support for LONG term
> releases,backporting of fixes, and rigid change control.For example:
>  Want to upgrade from version 12.2 to version 12.3? Better start the
> approval process a year early...  document yourtesting plan, provide
> a tested backout plan, have adequate testingdocumented and verified
> by the proper people, pass the change controlapproval process to go
> into a limited subset of test systems....waitthe required time for
> full deployment to test systems....wait therequired time for
> production rollout.Or:  Want to apply an in-the-wild zero day exploit
> patch? Follow aslightly faster variation of the above process.
> The Debian or Ubuntu model will not pass the change
> controlrequirements.  These are the reasons that SUSE and Red Hat
> backportfixes into an old version of a package for seven+ years,
> instead ofincrementing the version.  That is why SUSE is still
> patching PHP5.3.x on SLES 11 SP4.
> Allen B.
> 
> _______________________________________________Ale mailing
> listAle at ale.orghttps://mail.ale.org/mailman/listinfo/aleSee JOBS,
> ANNOUNCE and SCHOOLS lists athttp://mail.ale.org/mailman/listinfo
> _______________________________________________Ale mailing
> listAle at ale.orghttps://mail.ale.org/mailman/listinfo/aleSee JOBS,
> ANNOUNCE and SCHOOLS lists athttp://mail.ale.org/mailman/listinfo
-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20181029/a9d311f6/attachment-0001.html>


More information about the Ale mailing list