Thx Mark, it does help to understand things better. So that means grsecurity and 
AppArmor are doing the same thing? Except that grsecurity is much more complex and 
harder, I guess. (I wanted to do that, but do not have enough expertise to 
think of building a LAMP install on grsecurity patched Ubuntu.)

I will go for both AppArmor and mod_security. I will publish my notes once I 
get everything done right.


________________________________
From: Mark Montague <m...@catseye.org>
To: users@httpd.apache.org 
Cc: Rajeev Prasad <rp.ne...@yahoo.com> 
Sent: Monday, March 5, 2012 7:03 AM
Subject: Re: [users@httpd] confused about modsecurity and apparmor

On March 4, 2012 22:11 , Rajeev Prasad <rp.ne...@yahoo.com> wrote:
> want to make sure my web server is highly secure.
> I am not sure between modsecurity and AppArmor. can someone help with their 
> experience?

mod_security is a web application firewall that works at the HTTP level to 
protect the web server and web application from attacks.  You can add rules to 
prevent specific exploits, or to implement policies (e.g., block requests that 
appear to contain credit card numbers or other sensitive data).  See 
https://modsecurity.org/projects/modsecurity/apache/

AppArmor is a Mandatory Access Control system that works at the operating 
system level.  It restricts what programs running on the system, such as Apache 
HTTP Server, are allowed to do.  For example, if someone exploits a security 
vulnerability in a web application you are running to gain control of Apache, 
AppArmor can prevent the attacker from opening an outgoing IRC connection.  
More importantly, AppArmor can detect that Apache has TRIED to do something 
that it shouldn't be doing, thus alerting you to the attacker's presence.  See 
https://en.wikipedia.org/wiki/Apparmor

Normally, you would not choose "between" mod_security and AppArmor:  both can 
be used together, and they complement each other to provide defense in depth.

I hope this helps.

--
  Mark Montague
  m...@catseye.org
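
The detection role described in the reply above (AppArmor logging that Apache tried something its profile forbids) can be turned into alerts by filtering the kernel audit log for DENIED events. This is an added example, not part of the original thread; the log lines are constructed, and the profile name /usr/sbin/apache2 is an assumption that depends on how the profile is named on your system.

```python
import re

# Constructed sample lines in the key="value" style AppArmor writes to the
# kernel/audit log; host, PIDs and paths are invented for this example.
SAMPLE_LOG = """\
Mar  5 07:10:01 web1 kernel: type=1400 audit(1330949401.100:21): apparmor="STATUS" operation="profile_load" name="/usr/sbin/apache2" pid=812 comm="apparmor_parser"
Mar  5 07:14:33 web1 kernel: type=1400 audit(1330949673.220:22): apparmor="DENIED" operation="create" profile="/usr/sbin/apache2" pid=2291 comm="apache2" family="inet" sock_type="stream" protocol=6
Mar  5 07:14:35 web1 kernel: type=1400 audit(1330949675.580:23): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2" name="/etc/shadow" pid=2291 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
Mar  5 07:15:02 web1 kernel: type=1400 audit(1330949702.000:24): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/tmp/x" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# Assumption: the profile confining Apache is named after this binary path.
APACHE_PROFILE = "/usr/sbin/apache2"

# Matches key="quoted value" or key=bare_value pairs.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Return the key=value pairs of one audit line as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def apache_denials(log_text, profile=APACHE_PROFILE):
    """Collect DENIED events raised against the Apache profile only."""
    events = []
    for line in log_text.splitlines():
        fields = parse_fields(line)
        if fields.get("apparmor") == "DENIED" and fields.get("profile") == profile:
            events.append(fields)
    return events


def describe(event):
    """Summarise an event: socket denials carry 'family', file denials 'name'."""
    if "family" in event:
        return "network %s/%s by pid %s" % (
            event["family"], event["sock_type"], event["pid"])
    return "file %s (%s) by pid %s" % (
        event.get("name", "?"), event.get("denied_mask", "?"), event["pid"])


if __name__ == "__main__":
    for ev in apache_denials(SAMPLE_LOG):
        print("ALERT apache2 denied:", describe(ev))
```
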
