
U.S. Navy Works To Improve Linux Security

MrPhiles writes "Just saw an article at Washington Technology talking about how the Navy is developing a Secure Auditing tool for Linux. I think it's cool that government agencies are taking steps to obtain credentials necessary for open source use in high-security environments."
  • Re:Great but (Score:5, Informative)

    by rritterson ( 588983 ) * on Monday May 05, 2003 @10:04PM (#5887469)
    It's not quite the same, obviously. The Navy software engineers can easily tweak and fix any holes they find. With Windows you are limited to the framework MS provides and the hope that they will fix any problems discovered.

    The NSA released documents on how to secure WinXP and Win2K server not too long ago; it was even posted on /.
  • by Beryllium Sphere(tm) ( 193358 ) on Monday May 05, 2003 @11:02PM (#5887873) Journal
    >Would one of ya'all gurus please explain this?

    Attend, my son :-)

    The key word seems to be "forensic". They want to replace syslog with something sufficiently tamper-resistant to persuade a judge that it's good enough for legal evidence. There are already some clever hacks for this, such as hiding the real syslog process and leaving a fake one around for an intruder to disable or corrupt.
  • by ctr2sprt ( 574731 ) on Tuesday May 06, 2003 @12:37AM (#5888401)
    There are a lot of things that can be meant by "auditing." At its most sensitive, you can audit all accesses to certain system resources (files, syscalls, device node accesses, that sort of thing), and at a more standard level you can audit failed accesses to system resources. Some of this is implemented in some way - "bad root login on tty1" - but usually when people talk about system security auditing, they are talking about a unified framework for controlling auditing of the entire system (the parts relevant to security, at least). The "unified" part is especially important because frequently you want to analyze the audit trail using automated tools, kind of like Snort and ACID, rather than viewing each entry individually. If you have 50 different programs auditing things in 50 different ways, that makes system-wide analysis much more difficult.

    This isn't the sort of thing normal people will want or need on their Linux systems, but in some environments (military, government) it's really important. And you could, of course, use it to create a honeypot, if you're into that sort of thing.
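
The "unified" point in the comment above, as an added example that is not part of the thread or any poster's code: three programs log in three ad-hoc formats, each line is mapped onto one audit schema, and a single query then runs over the whole trail. The `ftpd` and `fsaudit` line formats, the `AuditEvent` fields and all sample lines are constructed for illustration.

```python
import re
from collections import Counter
from typing import NamedTuple

class AuditEvent(NamedTuple):
    source: str    # program that emitted the line
    subject: str   # user the event is attributed to
    action: str    # what was attempted, e.g. "login" or "open"
    target: str    # resource involved
    success: bool

# Constructed sample lines in three hypothetical ad-hoc formats.
SAMPLE_LINES = [
    "login: bad root login on tty1",
    "login: bad root login on tty1",
    "ftpd[212]: user=alice action=login result=ok",
    "ftpd[213]: user=bob action=login result=fail",
    "fsaudit|carol|open|/etc/shadow|DENIED",
    "fsaudit|carol|open|/home/carol/notes|GRANTED",
    "cron: job 17 started",  # matches no parser
]

def parse_login(line):
    m = re.fullmatch(r"login: bad (\S+) login on (\S+)", line)
    return AuditEvent("login", m[1], "login", m[2], False) if m else None

def parse_ftpd(line):
    m = re.fullmatch(r"ftpd\[\d+\]: user=(\S+) action=(\S+) result=(ok|fail)", line)
    return AuditEvent("ftpd", m[1], m[2], "ftpd", m[3] == "ok") if m else None

def parse_fsaudit(line):
    f = line.split("|")
    if len(f) != 5 or f[0] != "fsaudit" or f[4] not in ("GRANTED", "DENIED"):
        return None
    return AuditEvent("fsaudit", f[1], f[2], f[3], f[4] == "GRANTED")

PARSERS = (parse_login, parse_ftpd, parse_fsaudit)

def normalize(lines):
    """Map each line to the unified schema; keep unmatched lines for review."""
    events, unparsed = [], []
    for line in lines:
        hits = [e for e in (p(line) for p in PARSERS) if e is not None]
        if hits:
            events.append(hits[0])
        else:
            unparsed.append(line)
    return events, unparsed

def failed_by_subject(events):
    """One query over the unified trail: failed accesses per user."""
    return Counter(e.subject for e in events if not e.success)
```

Lines that no parser recognises are returned separately rather than dropped, so a gap in coverage shows up in review instead of disappearing from the trail.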
