Novell’s Armor is Coming Undone

The gloves are now officially off in the open source battle for enhanced
Linux application security.

Novell is open sourcing its AppArmor framework under the GPL license
and will compete head on against the NSA and Red Hat backed SELinux (Security Enhanced).

AppArmor has been in Novell’s product portfolio since the May 2005 acquisition of Immunix.

It provides a policy-based approach for
application-behavior enforcement intended to help prevent malicious
activities. Pre-built security profiles for commonly used applications, such
as OpenSSH, DHCP, Samba, Sendmail and MySQL, as well a wizard driven
interface to create new policies, are all part of AppArmor.

SELinux Linux has been part of Red Hat’s Fedora since May of 2004 and is part of Red Hat Enterprise Linux 4 .

SELinux offers a similar approach to AppArmor in that it
defines access controls for application security. Both applications utilize
the Linux Security Modules (LSM) framework,which provides security hooks for
operational control of certain Linux kernel objects.

Novell spokesperson Kevan Barney explained that among the reasons why
AppArmor is now being open sourced is the fact that “the need is now.”

“As hackers get better at attacking systems through vulnerable
applications, application security has increased in importance,” Barney told
internetnews.com. “Our customers are looking for ways to implement this
across their enterprise networks.”

“AppArmor provides a way to deploy this type of security today without a
huge investment in resources.”

According to Barney, the open sourcing of AppArmor gives the community an
easier-to-use alternative to SELinux and provides application developers a
set of tools for implementing application security.

It also means that
Novell can integrate the AppArmor Linux application security framework
across its entire Linux product line.

There will be no functional differences between the AppArmor code
currently shipping from Novell and the code that is now open sourced. Barney
explained that the code released under Novell Forge and integrated into
openSUSE represents two branches of development.

One of them is a stable
codebase integrated into openSUSE that will provide the base AppArmor
software for inclusion in SUSE Linux Enterprise Server. The other is a
development branch with a more forward-looking code base that will include
development efforts that are not yet integrated into Novell products.

The AppArmor application is now available via the Novell Forge development environment and is a part of its
OpenSUSE effort.

Integrated packages are also included with SUSE Linux Enterprise Server 9, Service Pack 3 and are expected to be included in the Jan. 19 SUSE Linux release.