RealTime IT News

Novell's Armor is Coming Undone

The gloves are now officially off in the open source battle for enhanced Linux application security.

Novell is open sourcing its AppArmor framework under the GPL license and will compete head on against the NSA and Red Hat backed SELinux (Security Enhanced).

AppArmor has been in Novell's product portfolio since the May 2005 acquisition of Immunix.

It provides a policy-based approach for application-behavior enforcement intended to help prevent malicious activities. Pre-built security profiles for commonly used applications, such as OpenSSH, DHCP, Samba, Sendmail and MySQL, as well a wizard driven interface to create new policies, are all part of AppArmor.

SELinux Linux has been part of Red Hat's Fedora since May of 2004 and is part of Red Hat Enterprise Linux 4 .

SELinux offers a similar approach to AppArmor in that it defines access controls for application security. Both applications utilize the Linux Security Modules (LSM) framework,which provides security hooks for operational control of certain Linux kernel objects.

Novell spokesperson Kevan Barney explained that among the reasons why AppArmor is now being open sourced is the fact that "the need is now."

"As hackers get better at attacking systems through vulnerable applications, application security has increased in importance," Barney told internetnews.com. "Our customers are looking for ways to implement this across their enterprise networks."

"AppArmor provides a way to deploy this type of security today without a huge investment in resources."

According to Barney, the open sourcing of AppArmor gives the community an easier-to-use alternative to SELinux and provides application developers a set of tools for implementing application security.

It also means that Novell can integrate the AppArmor Linux application security framework across its entire Linux product line.

There will be no functional differences between the AppArmor code currently shipping from Novell and the code that is now open sourced. Barney explained that the code released under Novell Forge and integrated into openSUSE represents two branches of development.

One of them is a stable codebase integrated into openSUSE that will provide the base AppArmor software for inclusion in SUSE Linux Enterprise Server. The other is a development branch with a more forward-looking code base that will include development efforts that are not yet integrated into Novell products.

The AppArmor application is now available via the Novell Forge development environment and is a part of its OpenSUSE effort.

Integrated packages are also included with SUSE Linux Enterprise Server 9, Service Pack 3 and are expected to be included in the Jan. 19 SUSE Linux release.