A quick look, with some notes and tips, at SELinux (the NSA's "Security-Enhanced Linux") and Novell's open source AppArmor, the two mandatory access control (MAC) systems shipping in most Linux distributions. Note that neither is a firewall: a firewall filters network traffic, while these confine what a process may do once it is already running, whatever the traffic that reached it. Below is a brief comparison of the two.

NSA's Open Source "Security Enhanced Linux"

  • SELinux is widely considered the future of Linux OS security, but it is complex and suffers from a lack of documentation.
  • It is recommended not to run X on SELinux-protected servers (granting X clients access under SELinux policy is problematic, and X clients have broad access to each other).
  • Security policies are difficult to create from scratch; use the policy shipped by your distributor and adjust it rather than writing your own.
  • Has a bigger performance impact than AppArmor (around 7 percent in the figures usually quoted; measure on your own workload before trusting any number).
  • Both SELinux and AppArmor are built on the Linux Security Modules (LSM) framework, which places security hooks at the kernel operations that touch objects such as files, sockets and processes.
  • SELinux is based on the Flask security architecture, which separates policy decisions (the security server) from their enforcement (the kernel object managers).
  • Processes run in domains and objects carry types. In SELinux both are really types: a domain is simply the type of a process.
  • SELinux controls process interactions (domain to domain), for example which domains may signal, trace or transition to which other domains.
  • SELinux controls access to objects (domain to type), for example which file types a domain may read, write or execute. Anything not explicitly allowed is denied.
  • SELinux controls entry into a domain: a process can only enter a domain by executing a file whose type is an allowed entrypoint for that domain, so a domain cannot be reached through an arbitrary program.
  • SELinux has tools such as SETools and SLAT for policy analysis, audit analysis and user management.
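To make the three controls above concrete, here is a toy type-enforcement (TE) evaluator. It is an added example, not SELinux code or anything from the original page: it understands only `allow` and `type_transition` rules in TE syntax and ignores roles, users, MLS, constraints and attributes. The policy text is constructed for the example; the type names resemble the reference policy's httpd types but are assumptions, not excerpts from it.

```python
"""Toy type-enforcement evaluator: domain-to-type access, domain-to-domain
transitions and entry into a domain.  Added example, not SELinux code.
Handles only `allow` and `type_transition` rules; the policy below is
constructed and its type names are assumptions."""
import re

POLICY = """
type init_t;                 # the domain init runs in
type httpd_t;                # the web server's domain
type httpd_exec_t;           # type of the httpd binary
type bin_t;                  # ordinary helper binaries
type httpd_sys_content_t;    # web content
type shadow_t;               # /etc/shadow

# domain -> type: what httpd_t may do to web content (nothing is said about shadow_t)
allow httpd_t httpd_sys_content_t:file { getattr open read };

# domain -> domain: init_t may transition into httpd_t ...
allow init_t httpd_t:process transition;
# ... and entry into httpd_t is only possible through a file of type httpd_exec_t
allow init_t httpd_exec_t:file { getattr open read execute };
allow httpd_t httpd_exec_t:file entrypoint;
type_transition init_t httpd_exec_t:process httpd_t;

# httpd_t may run helpers from bin_t without leaving its domain
allow httpd_t bin_t:file { getattr open read execute execute_no_trans };
"""

ALLOW_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(\{[^}]*\}|\w+)\s*;")
TRANS_RE = re.compile(r"type_transition\s+(\w+)\s+(\w+):(\w+)\s+(\w+)\s*;")


class Policy:
    def __init__(self, text):
        text = re.sub(r"#.*", "", text)           # drop comments
        self.allow = {}                           # (src, tgt, class) -> {perms}
        self.trans = {}                           # (src, tgt, class) -> new type
        for src, tgt, cls, perms in ALLOW_RE.findall(text):
            self.allow.setdefault((src, tgt, cls), set()).update(perms.strip("{} ").split())
        for src, tgt, cls, new in TRANS_RE.findall(text):
            self.trans[(src, tgt, cls)] = new

    def permits(self, src, tgt, cls, perm):
        """Access check for one permission: default deny, like the kernel."""
        return perm in self.allow.get((src, tgt, cls), set())

    def exec_result(self, domain, exec_type):
        """Domain a process in `domain` ends up in after exec()ing a file of
        type `exec_type`, plus the reason.  Without a type_transition the
        process stays in its domain and needs execute + execute_no_trans;
        with one, the source must hold process:transition to the new domain,
        must be able to execute the file, and the new domain must hold
        file:entrypoint on the file's type.  Any missing piece means denial."""
        new = self.trans.get((domain, exec_type, "process"))
        if new is None:
            ok = all(self.permits(domain, exec_type, "file", p) for p in ("execute", "execute_no_trans"))
            return (domain, "stays in domain") if ok else (None, "execute denied")
        checks = [
            (self.permits(domain, new, "process", "transition"), f"{domain} -> {new} process transition"),
            (self.permits(domain, exec_type, "file", "execute"), f"{domain} execute {exec_type}"),
            (self.permits(new, exec_type, "file", "entrypoint"), f"{new} entrypoint {exec_type}"),
        ]
        missing = [why for ok, why in checks if not ok]
        return (new, "transition") if not missing else (None, "denied: missing " + "; ".join(missing))


if __name__ == "__main__":
    pol = Policy(POLICY)
    print(pol.permits("httpd_t", "httpd_sys_content_t", "file", "read"))  # domain -> type: True
    print(pol.permits("httpd_t", "shadow_t", "file", "read"))             # nothing allowed: False
    print(pol.exec_result("init_t", "httpd_exec_t"))                      # enters httpd_t via its binary
    print(pol.exec_result("httpd_t", "bin_t"))                            # helper runs, no transition
    # Trying to reach httpd_t through an arbitrary binary fails: bin_t is no entrypoint.
    leaky = Policy(POLICY + "type_transition init_t bin_t:process httpd_t; allow init_t bin_t:file execute;")
    print(leaky.exec_result("init_t", "bin_t"))
```

The last case is the point of the "entry to the domain" control: even with a transition rule and execute permission in place, a domain is only reachable through files carrying a type it has been granted `entrypoint` on. When auditing a real policy, `sesearch` from SETools answers the same questions against the compiled policy.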

Novell's AppArmor:

  • Originally developed by Immunix (a Linux security company) under the name SubDomain; Novell acquired Immunix and released AppArmor as open source.
  • Takes a policy-based approach to enforcing application behaviour: each confined program gets a profile that describes what it may do, and everything outside the profile is denied.
  • Security profiles can be generated automatically through YaST on SUSE.
  • Ships pre-built security profiles for commonly used applications such as OpenSSH, DHCP, Samba, Sendmail and MySQL.
  • AppArmor has less impact on overall system performance than SELinux (0 to 2 percent in the figures usually quoted; again, measure your own workload).
  • Easier to develop and maintain than SELinux policy, largely because profiles are path-based rather than label-based: there are no file labels to assign and keep consistent. The flip side is that a profile confines paths, not objects, so the same file reached through another path (a hard link, a bind mount) is not covered by the rule for the first path.
  • A profile describes which files the program may access and with which permissions (read, write, execute, link and so on), and which POSIX.1e capabilities the program may use.
  • AppArmor comes with a system analyser, unconfined (aa-unconfined in later releases), which lists the programs holding open network ports and reports whether each one runs under a profile, so that unprofiled network-facing services stand out.
  • Profiles are aimed first at programs that handle untrusted input, whether it arrives over the network (mail, ssh clients and servers, documents received by mail) or from local devices (keyboards, mice, card readers). Note that it is always the program that is confined, never the device itself.
  • AppArmor includes a log analysing program (logprof) that helps the user build a program's profile in learning mode, called complain mode in the tools:
      • Put the program in learning mode and run it through its normal workload; AppArmor logs every access the program makes instead of blocking it.
      • The log analyser scans the log and asks the user, event by event, whether the access should be allowed.
      • From the answers it writes, or extends, the program's profile.
      • Learning mode and the log analyser can be repeated to refine the profile incrementally; exercise every code path you care about, because an access that never happened during learning will be denied in enforce mode.
  • A profile also states how child processes the program executes are confined: inherit the parent's profile (ix), switch to the child's own profile (px), or run unconfined (ux).
  • Profiled applications can be monitored through event notifications by severity level, reports, application audit reports and on-demand reports.
  • Built-in and user-defined security profiles can be backed up.
  • AppArmor can profile sub-components of a parent application, such as a web application under Apache, by making the application "ChangeHat aware": the parent switches into a named sub-profile (a hat) when it starts handling that component (mod_apparmor does this for Apache), so each web application added to Apache can be learned and enforced separately.
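The learning-mode procedure, the child-process modes and ChangeHat hats can all be seen in a small log analyser. The one below is an added example written for this page, not AppArmor's logprof and not code from the original text: it reads kernel audit lines in the format AppArmor emits in complain mode (apparmor="ALLOWED") or enforce mode (apparmor="DENIED"), groups the events by profile and hat, and emits the rules that would permit them. The log lines are constructed for the example, and the /usr/sbin/httpd profile, the webapp hat and the file paths in them are assumptions, not observations from a real system.

```python
"""Minimal AppArmor log analyser in the spirit of logprof.  Added example, not
AppArmor project code.  Input lines are constructed; profile, hat and path
names are assumptions."""
import re
from collections import defaultdict

# Constructed sample: complain-mode events for httpd, one of them inside a hat.
SAMPLE_LOG = """\
audit: type=1400 apparmor="ALLOWED" operation="open" profile="/usr/sbin/httpd" name="/etc/httpd/httpd.conf" pid=2101 comm="httpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 apparmor="ALLOWED" operation="open" profile="/usr/sbin/httpd" name="/var/log/httpd/access_log" pid=2101 comm="httpd" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
audit: type=1400 apparmor="ALLOWED" operation="capable" profile="/usr/sbin/httpd" pid=2101 comm="httpd" capability=10 capname="net_bind_service"
audit: type=1400 apparmor="ALLOWED" operation="exec" profile="/usr/sbin/httpd" name="/usr/bin/perl" pid=2140 comm="httpd" requested_mask="x" denied_mask="x" fsuid=48 ouid=0
audit: type=1400 apparmor="ALLOWED" operation="open" profile="/usr/sbin/httpd//webapp" name="/srv/www/webapp/config.php" pid=2140 comm="httpd" requested_mask="r" denied_mask="r" fsuid=48 ouid=0
"""

KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')   # key="quoted" or key=bare
MASK_MAP = {"c": "w", "d": "w"}   # create/delete in the log are granted by w in a profile
MASK_ORDER = "rwalkm"             # canonical order for file permission letters


def parse_event(line):
    """Split one audit line into fields; None unless it is an AppArmor
    ALLOWED (complain mode) or DENIED (enforce mode) event."""
    fields = {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
              for m in KV_RE.finditer(line)}
    return fields if fields.get("apparmor") in ("ALLOWED", "DENIED") else None


def file_mask(denied):
    """Normalise the log's denied_mask into profile permission letters."""
    letters = {MASK_MAP.get(ch, ch) for ch in denied if ch != "x"}
    return "".join(ch for ch in MASK_ORDER if ch in letters)


def collect_rules(log_text, exec_mode="ix"):
    """Group the permissions each profile (and each ChangeHat hat) needed.
    Returns {(profile, hat_or_None): set of rule strings}.  exec_mode decides
    how an executed child is confined: ix inherits the parent's profile,
    px switches to the child's own profile, ux runs it unconfined."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        profile, _, hat = ev["profile"].partition("//")   # "prof//hat" marks a hat
        key = (profile, hat or None)
        op = ev.get("operation")
        if op == "capable":
            rules[key].add(f'capability {ev["capname"]},')
        elif op == "exec":
            rules[key].add(f'{ev["name"]} {exec_mode},')
        elif "name" in ev and ev.get("denied_mask"):
            mask = file_mask(ev["denied_mask"])
            if mask:
                rules[key].add(f'{ev["name"]} {mask},')
    return dict(rules)


def render_profile(rules, profile):
    """Render one profile in AppArmor syntax, hats as ^name { } sub-profiles."""
    lines = [f"{profile} {{"]
    lines += [f"  {r}" for r in sorted(rules.get((profile, None), ()))]
    hats = sorted(hat for (p, hat) in rules if p == profile and hat is not None)
    for hat in hats:
        lines += ["", f"  ^{hat} {{"]
        lines += [f"    {r}" for r in sorted(rules[(profile, hat)])]
        lines.append("  }")
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_profile(collect_rules(SAMPLE_LOG), "/usr/sbin/httpd"))
```

Running it prints a profile with the four httpd rules at top level and the config.php read inside a `^webapp` hat, and `collect_rules(SAMPLE_LOG, exec_mode="px")` turns the perl line into `/usr/bin/perl px,` instead. The real logprof asks you about each event before writing anything; an analyser that allows everything it saw, like this one, only produces a good profile if the learning run was representative, and a run that included an attack would teach the profile to permit it.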