-1

I got recommended here to check the kernel's security level—how can I print it out on a linux machine? (SLES?)

If it’s set too low, how can I increase it? If I set it too high, can I ever set it back? How?

Do you see a scenario where it makes sense to set it to a higher value than “2” for a web server?

Community
  • 1
Matthias Ronge
  • 467
  • 1
  • 7
  • 18
  • The site you linked just describes a concept the author was developing. AFAIK it never got further than that. What was meant in the other question was more a general level of security you require. As an example, if you keep medical informations, the general level of security you'll need is higher than if you run a hobby site about growing plants. – Sven Apr 09 '13 at 13:56
  • 1
    Quite frankly, if you don't understand this, you need to learn a lot before becoming responsible for the security of a production server, on a very fundamental level. – Sven Apr 09 '13 at 13:59
  • I thought, “dawud” did mean something more technical. What is the English term for a security level on a simple web server? So every content _should_ be visible from the internet, but however the password should not, of course. – Matthias Ronge Apr 09 '13 at 14:19
  • As I said, "security level" is just an abstract term and what kind of security measurements you need to take is dependent on the kind of data you have and also on the legal requirements in your country for that kind of data. It's all completely situation dependent. – Sven Apr 09 '13 at 14:26
  • I got that. I don’t think “dawud” meant that one has to document in a general purpose question wether or not a system should fulfill the law or not. Or isn’t that a general assumption here that one wants to. My question was just how to express it in short that there is nothing requiring “extra” work, no user data at all, just some files to be browsed from the web. Security should just provide that no hackers misuse the computation power or storage of the system for their purposes. Isn’t there a general term for that? I read “brochure webserver” somewhere. Is it that? – Matthias Ronge Apr 09 '13 at 14:33
  • No, there is no such term. If you like, you could call it "basic security", but this is as arbitrary a name as everything else. – Sven Apr 09 '13 at 14:37
  • @SvW Follow the link. The security level being talked about is a concrete concept in the kernel with very specific explanations about what each level does. – Jeff Ferland Apr 09 '13 at 14:52
  • @Paramaeleon http://security.stackexchange.com – Jeff Ferland Apr 09 '13 at 18:07

1 Answers1

2

It looks like this is a custom patch that was never developed further and as best I can see not included in the mainline kernel at any point. If you have the time for it, configuring SELinux can provide you with the desired effects of this, but it has a huge learning curve.

AppArmor can be used to bound individual processes. It's less flexible, but has less of a learning curve.

Jeff Ferland
  • 20,547
  • 2
  • 62
  • 85