On Mon, Nov 30, 2015 at 3:54 PM, rysiek <rysiek@hackerspace.pl> wrote:
On Monday, 30 November 2015 11:46:27 Steve Kinney wrote:
On 11/30/2015 04:24 AM, James Harrison wrote:
On 29/11/2015 17:28, c4p0 wrote:
Can someone give me their opinion about it?
SELinux on Jessie is a nightmare since there are no maintainers for the refpolicy/MLS packages any more.
AppArmor is probably the way to go, though it's pretty limited in what it can do.
A feature comparison:
http://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html
Yet another option: Create your own 'Live DVD' from a shiny new security-enhanced OS instance, use encrypted R/W media for data file persistence. Anything that does climb out of its sandbox won't persist beyond the current session.
:o)
Actually, I was thinking of using a doctored SD card for the /boot partition. Question is: is it possible to *physically* disable writes on an SD card?
CDs/DVDs are so unwieldy...
-- Regards, Michał "rysiek" Woźniak
Changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
Except anything that writes to your other hardware, firmwares, BIOS etc...

R/O is a good idea, though. Just, don't consider it the 'silver bullet'.

-- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>