spun's Journal: Novell Brainshare and Miscellaneous Projects

I just got back from the Novell Brainshare conference in Salt Lake City. It was a fun week. I attended lots of sessions on Linux and other open source tools. There was free (well, someone payed for me to be there...) food, free massages, free lattes, & lots of swag. Novell had a tech lab giving lots of interesting demos, and there were several dozen vendors and ISVs present. On Wednesday, Frank Caliendo opened for Collective soul at a free concert put on by Novell and open to the general public.

Perhaps the most interesting was a tutorial on using AppArmor. It's a great system for protecting applications. Novell bought the company that produced it several years ago and open sourced it. Basically, you point AppArmor at an application and put it in learning mode. You put the app through its intended uses, and then answer a series of questions regarding what AppArmor saw it doing. For instance, the app accessed a file. You can allow, deny, or 'glob.' Meaning, put in an asterisk. So it could access any file in a particular directory. There are also a series of pre-built templates you can add which allow certain sets of operations. Then you put AppArmor in enforce mode, and it keeps the app from doing things it shouldn't. Even if its running as root.

I'm impressed with Novell's commitment to open source. They are moving everything to Linux. Netware is no more, Netware services live on in Open Enterprise Server built on Suse Linux. Novell gave a great presentation on using the GNU autotools for their partners who want to move their products to Linux. Who knew using autconf, automake, libtool, and the rest could be so easy? Not me.

I've been working on setting up a log server, analysis, reporting, and notification system recently. I'm using Linux HA to fail-over an IP address and restart syslog. The logs are stored on an OCFS2 filesystem shared by the two nodes in the cluster. I use octopussy to analyze, report, and notify, and monit as a client side add in for logging additional information.

CoreForce

[nacturation]

Sounds like CoreForce [coresecurity.com] which is a Windows-based app firewall based on OpenBSD's pf. Not sure if that came before or after AppArmor, but the premise is the same. You write firewall rules for what an app has access to -- registry entries, individual internet connections (allow gmail.google.com, disallow microsoft.com), file access, etc. It's a shame it never took off.
 

Re:

[spun]

Several cool points about AppArmor (besides the fact that it's open source). It includes a 'training mode' so instead of trying to deduce what your app will need access too, you simply put the app through its paces and then edit the resulting auto-generated configuration. It is integrated into the LSM (Linux Security Modules) framework, so it is secure. It is also much less confusing and quite a bit faster than SELinux.

One interesting demonstration presented at the session was building a limited root shell.