My question is similar to these:
From those, I understand that SELinux could accomplish my goal. But we do not have the resources to use SELinux, so I want to know if there is another way -- specifically Grsecurity (or AppArmor).
Background: In our small organization, we have a few developers and a junior sysadmin who all have full root access and physical access to the servers. They need to be able to do server maintenance and a variety of other tasks which require fairly unrestricted sudo rights.
However, these privileged users do not have the password to unlock the encrypted filesystem after rebooting. (When the server is running, they currently have full access to all files, of course. Hence my question.)
As in the referenced questions above, my requirement is that these root users not have access to data which is located under certain directories. Can this be accomplished with Grsecurity alone?
Linux Kernel Security (SELinux vs AppArmor vs Grsecurity) - nixCraft indicates that Grsecurity is a MAC (mandatory access control) but then specifies that:
"it is a RBAC implementation using access control lists."
I'm not familiar with what that means. (We do use ACLs.) I understand that a MAC will allow me to implement a policy limiting access to the directories in question even for users with full sudo rights. So will Grsecurity do this?
I believe the fully encrypted file system will prevent a user from rebooting with a live USB key (or similar) to bypass the running OS and access those locations.
Can we accomplish this goal with only Grsecurity (and ACLs)? That would be ideal. If not, can we accomplish the goal with AppArmor?