Windows has a number of programs (generally referred to as Host-based Intrusion Prevention Systems) that offer protection against difficult security threats (such as zero-day exploits) by blocking potentially dangerous program behavior and asking the user whether to allow it. Linux has the "blocking behavior" part well covered by features such as SELinux and AppArmor, but is there anything (e.g., a GUI for these features) that allows the decisions to allow behavior or to create new rules to be made interactively as the computer is used?
I think there isn't... but I'm still looking for it. So far, the closest I've found is aa-logprof, aa-genprof and apparmor-easyprofile (http://manpages.ubuntu.com/manpages/precise/man8/aa-easyprof.8.html), but it's not truly interactive. – alci Apr 28 '15 at 08:16
1 Answer
A HIPS is not necessary. If you want something that "locks down processes" then you should look into SELinux or AppArmor. I recommend AppArmor if you're a newb. Both SELinux and AppArmor are what are known as Mandatory Access Controls.
And, oh yeah, if you want a HIDS, then I suggest AIDE (free version of Tripwire), as the guy above mentioned.
Eds_k
Please read [How do I recommend software](https://meta.superuser.com/questions/5329/how-do-i-recommend-software-in-my-answers/5330#5330) for some tips as to how you should go about recommending software. You should provide at least a link, some additional information about the software itself, and how it can be used to solve the problem in the question. – DavidPostill Dec 24 '16 at 10:25
@Eds_k if you know what Pupy is, you'll know why a HIPS is absolutely necessary. – Tcll Feb 13 '19 at 13:27