httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rajeev Prasad <rp.ne...@yahoo.com>
Subject Re: [users@httpd] confused about modsecurity and apparmor
Date Mon, 05 Mar 2012 16:20:02 GMT
thx Mark, it does help to understand things better. so that mean grsecurity and AppArmor doing
the same thing? except that grsecurity is much complex and harder i guess. (I wanted to do
that, but does not have enough expertise to think of building a LAMP install on grsecurity
patched ubuntu.)
 
I will go for both AppAromr and mod_security. I will publish my notes, once i get everything
done right.


________________________________
From: Mark Montague <mark@catseye.org>
To: users@httpd.apache.org 
Cc: Rajeev Prasad <rp.neuli@yahoo.com> 
Sent: Monday, March 5, 2012 7:03 AM
Subject: Re: [users@httpd] confused about modsecurity and apparmor

On March 4, 2012 22:11 , Rajeev Prasad <rp.neuli@yahoo.com> wrote:
> want to make sure my web server is highly secure.
> I am not sure between modsecurity and AppArmor. can someone help with their experience?

mod_security is a web application firewall that works at the HTTP level to protect the web
server and web application from attacks.  You can add rules to prevent specific exploits,
or to implement policies (e.g., block requests that appear to contain credit card numbers
or other sensitive data).  See https://modsecurity.org/projects/modsecurity/apache/

AppArmor is a Mandatory Access Control system that works at the operating system level. 
It restricts what programs running on the system, such as Apache HTTP Server, are allowed
to do.  For example, if someone exploits a security vulnerability in a web application you
are running to gain control of Apache, AppArmor can prevent the attacker from opening an outgoing
IRC connection.  More importantly, AppArmor can detect that Apache has TRIED to do something
that it shouldn't be doing, thus alerting you to the attacker's presence.  See https://en.wikipedia.org/wiki/Apparmor

Normally, you would not choose "between" mod_security and AppArmor:  both can be used together,
and they complement each other to provide defense in depth.

I hope this helps.

--
  Mark Montague
  mark@catseye.org
Mime
View raw message