tlb
Volume 3, Number 2 -- January 17, 2006

Novell Takes AppArmor Security Middleware Open Source

Published: January 17, 2006

by Timothy Prickett Morgan

Rather than support the Security Enhanced Linux (SE-Linux) kernel changes for Linux 2.6 as Red Hat and others have adopted to beef up the security of Linux and its applications, commercial Linux distributor Novell acquired a company called Immunix, which had created a kind of application security middleware that it named AppArmor. Last week, Novell took the AppArmor product open source and added it as a new project to its openSUSE community development effort for its SUSE Linux operating system.

Instead of changing the kernel and adding complexity to Linux, which is what SE-Linux does, Novell has added what is in essence a sentry to its version of Linux, which is what AppArmor is. System administrators probe for open ports using tools built into AppArmor, and define what can access these ports as well as what interactions can exist between different applications running on an instance of Linux. This is a fine enough approach for security, but it has its own complexities. For each port and each Linux-to-application and application-to-application interaction, AppArmor needs to have a profile to tell it how to behave. According to Crispin Cowan, the new SUSE Linux Enterprise Server 9 Service Pack 3 (which is covered elsewhere in this newsletter) includes AppArmor profiles for hundreds of applications, but it is a far cry from covering the thousands of applications included in a normal Linux distribution.

This is one of the reasons why Novell, which just bought AppArmor and which certainly doesn't want to have it become a competitive advantage for other Linux distributors, has decided to take the AppArmor code open source under the GNU General Public License. For AppArmor to be useful, Novell needs the Linux community to create and distribute templates, which will happen a lot quicker if AppArmor is an open source project and community members feel like they are helping the community rather than just making it easier for Novell to make money.

Cowan says that SUSE Linux Enterprise Server 10, which is expected in late May 2005 or so and based on the openSUSE project's current desktop code (formerly SUSE Linux Professional 10), will have AppArmor built in by default. AppArmor code as well as the security profiles for applications will be managed by Novell's AutoBuild system, which is a versioning system made by SUSE to create its Linux. Cowan says that for now, Novell really wants community help on security profiles and will solicit help on the code for AppArmor itself later. While the AppArmor product will be bundled into SLES 9 SP3 and SLES 10, premium support for the product costs $298 per server per year.



Sponsored By
ARKEIA

ENTERPRISE BACKUP SOLUTIONS

Arkeia is a leading provider of backup solutions, noted for its early and comprehensive support of the Linux operating system. Arkeia provides fast, reliable and easy-to-use backup solutions, scalable from a single server to complex heterogeneous environments.

Arkeia Network Backup - An award-winning network backup solution providing the functionality and scalability for both SMBs and large enterprises.

Arkeia Server Backup - A powerful single-server backup solution developed for business environments with stand-alone Linux servers.

Options include bare metal Disaster Recovery, NDMP support for NAS backup and hot backup plug-ins for Oracle, DB2, Lotus, MySQL, LDAP and MS-Exchange. More than 4000 customers worldwide rely on Arkeia for their data protection needs.

www.arkeia.com



Editor: Timothy Prickett Morgan
Contributing Editors: Dan Burger, Joe Hertvik, Kevin Vandever,
Shannon O'Donnell, Victor Rozek, Hesh Wiener, Alex Woodie
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

nuBridges:  truExchange EDI-INT for Linux gives you total control to exchange secure transactions
Roaring Pengiun:  Anti-Spam Software for Linux/UNIX
COMMON:  Join us at the Spring 2006 conference, March 26-30, in Minneapolis, Minnesota

 


 
Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement