Chapter 13. Kernel EnhancementsUp until this point, you've seen how to create, install, and troubleshoot a Linux firewall using iptables. A firewall is an integral piece, a layer if you will, of the defense-in-depth strategy that has become popular. However, a firewall doesn't protect against attacks on your data that originate from the inside of the firewall. A firewall is also only as good as the security of the device or computer on which it runs. If you don't keep the firewall's software up-to-date or if you run unnecessary services on the firewall computer, that could compromise the security. Various kernel enhancements can be applied to make the computer that much more secure at this important level. Specifically, this chapter looks at two kernel enhancements: Security Enhanced Linux, known as SELinux, and Greater Security, known as GrSecurity. This chapter also walks through how to build your own kernel and apply the GrSecurity patch. |