Posted to users@httpd.apache.org by Rajeev Prasad <rp...@yahoo.com> on 2012/03/05 04:11:39 UTC

[users@httpd] confused about modsecurity and apparmor

I want to make sure my web server is highly secure.

I am not sure between modsecurity and AppArmor. Can someone help with their experience?
 
ty
Rajeev

Re: [users@httpd] confused about modsecurity and apparmor

Posted by Mark Montague <ma...@catseye.org>.
On March 5, 2012 11:20 , Rajeev Prasad <rp...@yahoo.com> wrote:
> Thx Mark, it does help to understand things better. So that means 
> grsecurity and AppArmor are doing the same thing? Except that grsecurity 
> is much more complex and harder, I guess. (I wanted to do that, but do not 
> have enough expertise to think of building a LAMP install on 
> grsecurity-patched Ubuntu.)

grsecurity and AppArmor are both Mandatory Access Control (MAC) systems, 
yes.  But they have different strengths and weaknesses.  As far as I 
know, you can only run one MAC system at any given time.  Two other MAC 
systems which you may have heard about are SELinux and Tomoyo.

--
   Mark Montague
   mark@catseye.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] confused about modsecurity and apparmor

Posted by Rajeev Prasad <rp...@yahoo.com>.
Thx Mark, it does help to understand things better. So that means grsecurity and AppArmor are doing the same thing? Except that grsecurity is much more complex and harder, I guess. (I wanted to do that, but do not have enough expertise to think of building a LAMP install on grsecurity-patched Ubuntu.)

I will go for both AppArmor and mod_security. I will publish my notes once I get everything done right.


________________________________
From: Mark Montague <ma...@catseye.org>
To: users@httpd.apache.org 
Cc: Rajeev Prasad <rp...@yahoo.com> 
Sent: Monday, March 5, 2012 7:03 AM
Subject: Re: [users@httpd] confused about modsecurity and apparmor

On March 4, 2012 22:11 , Rajeev Prasad <rp...@yahoo.com> wrote:
> want to make sure my web server is highly secure.
> I am not sure between modsecurity and AppArmor. can someone help with their experience?

mod_security is a web application firewall that works at the HTTP level to protect the web server and web application from attacks.  You can add rules to prevent specific exploits, or to implement policies (e.g., block requests that appear to contain credit card numbers or other sensitive data).  See https://modsecurity.org/projects/modsecurity/apache/

AppArmor is a Mandatory Access Control system that works at the operating system level.  It restricts what programs running on the system, such as Apache HTTP Server, are allowed to do.  For example, if someone exploits a security vulnerability in a web application you are running to gain control of Apache, AppArmor can prevent the attacker from opening an outgoing IRC connection.  More importantly, AppArmor can detect that Apache has TRIED to do something that it shouldn't be doing, thus alerting you to the attacker's presence.  See https://en.wikipedia.org/wiki/Apparmor

Normally, you would not choose "between" mod_security and AppArmor:  both can be used together, and they complement each other to provide defense in depth.

I hope this helps.

--
  Mark Montague
  mark@catseye.org

Re: [users@httpd] confused about modsecurity and apparmor

Posted by Mark Montague <ma...@catseye.org>.
On March 4, 2012 22:11 , Rajeev Prasad <rp...@yahoo.com> wrote:
> want to make sure my web server is highly secure.
> I am not sure between modsecurity and AppArmor. can someone help with 
> their experience?

mod_security is a web application firewall that works at the HTTP level 
to protect the web server and web application from attacks.  You can add 
rules to prevent specific exploits, or to implement policies (e.g., 
block requests that appear to contain credit card numbers or other 
sensitive data).  See https://modsecurity.org/projects/modsecurity/apache/

AppArmor is a Mandatory Access Control system that works at the 
operating system level.  It restricts what programs running on the 
system, such as Apache HTTP Server, are allowed to do.  For example, if 
someone exploits a security vulnerability in a web application you are 
running to gain control of Apache, AppArmor can prevent the attacker 
from opening an outgoing IRC connection.  More importantly, AppArmor can 
detect that Apache has TRIED to do something that it shouldn't be doing, 
thus alerting you to the attacker's presence.  See 
https://en.wikipedia.org/wiki/Apparmor

Normally, you would not choose "between" mod_security and AppArmor:  
both can be used together, and they complement each other to provide 
defense in depth.

I hope this helps.

--
   Mark Montague
   mark@catseye.org
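
Added example, not part of the original thread: the reply above notes that AppArmor can detect that Apache has tried to do something it should not. The sketch below pulls those DENIED events for the Apache profile out of kernel audit lines. The log lines are constructed samples, and the profile path /usr/sbin/apache2 is an assumption (adjust it to the profile name on your system).

```python
import re
import shlex

# Constructed sample lines in the kernel audit format AppArmor logs in
# (kern.log / auditd). Host, PIDs and paths are invented for illustration.
SAMPLE_LOG = """\
Mar  5 07:14:02 web1 kernel: [ 812.104] type=1400 audit(1330949642.123:45): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2" name="/etc/shadow" pid=2210 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
Mar  5 07:14:03 web1 kernel: [ 813.220] type=1400 audit(1330949643.001:46): apparmor="DENIED" operation="create" profile="/usr/sbin/apache2" pid=2210 comm="apache2" family="inet" sock_type="stream" protocol=6
Mar  5 07:14:05 web1 kernel: [ 815.901] type=1400 audit(1330949645.440:47): apparmor="ALLOWED" operation="open" profile="/usr/sbin/apache2" name="/var/www/index.html" pid=2210 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
Mar  5 07:14:09 web1 kernel: [ 819.377] type=1400 audit(1330949649.912:48): apparmor="DENIED" operation="exec" profile="/usr/sbin/cupsd" name="/bin/sh" pid=901 comm="cupsd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
"""

AUDIT_RE = re.compile(r"audit\((?P<ts>\d+\.\d+):\d+\):\s+(?P<body>.*)$")

def parse_event(line):
    """Return the key=value fields of one AppArmor audit line, or None."""
    m = AUDIT_RE.search(line)
    if not m or "apparmor=" not in m.group("body"):
        return None
    try:
        tokens = shlex.split(m.group("body"))  # strips the quotes around values
    except ValueError:  # unbalanced quote: treat the line as unparseable
        return None
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    fields["epoch"] = float(m.group("ts"))
    return fields

def apache_denials(log_text, profile="/usr/sbin/apache2"):
    """DENIED events whose profile name starts with the assumed Apache path."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev and ev.get("apparmor") == "DENIED" and ev.get("profile", "").startswith(profile):
            hits.append(ev)
    return hits

def describe(ev):
    """One-line summary: file denials carry name=, socket denials family=."""
    if "family" in ev:
        target = f"{ev['family']}/{ev.get('sock_type', '?')} socket"
    else:
        target = ev.get("name", "?")
    return f"{ev.get('comm', '?')}[{ev.get('pid', '?')}] {ev.get('operation', '?')} {target}"

if __name__ == "__main__":
    for ev in apache_denials(SAMPLE_LOG):
        print(describe(ev))
```

Events logged as ALLOWED come from a profile in complain mode and are skipped here; only enforced denials are reported.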

