Students preparing to answer question 4 of assignment 1.1 are invited to read resources referenced in these notes. Some class discussion questions are suggested below.
First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server
http://en.wikipedia.org/wiki/AppArmor
It is suggested that students discuss these questions in groups of 3-5 after reading the above articles.
1. MAC based systems are generally considered more secure than DAC based systms, but if a MAC system is difficult to implement what effect is this likely to have upon whether system administrators are likely to use it ?
2. Is AppArmor likely to be easier than SELinux to implement ? What would you have to do to prove your answer correct, rather than report someone else's published opinion ?
3. If a MAC misconfiguration occurs using SELinux or AppArmor resulting in the system administrator losing access to the configuration files for the policy concerned on a running system, how is the system administrator likely to be able to correct the problem ?