|
|
Focus on Linux
Linux Hardening Oct 11 2007 12:36PM jvicente asft net (4 replies) Re: Linux Hardening Oct 13 2007 04:06AM Jure Krasovic (jure krasovic lusp com) (2 replies) Re: Linux Hardening Oct 11 2007 08:21PM Matthew Lee Hinman (matthew hinman gmail com) (2 replies) RE: Linux Hardening Oct 11 2007 09:03PM JP Vicente (jvicente asft net) (3 replies) |
|
Privacy Statement |
includes things like applying patches to the kernel to utilize canary
values to detect memory based attacks, inserting random spacing so memory
addresses commonly used to exploit an executable are harder to hit, making
sure users can not see other users processes, and then all kinds of
service specific stuff depending on what kind of services you want to run.
The gentoo hardened project has taken a more holistic approach, though the
learning curve on installing/using gentoo is a lot sharper then redhat.
Also don't forget the basics of making sure every service that provides
any type of authentication has a lockout defined to thwart brute forcing,
and that you are enforcing password complexity rules. Also disabling root
login from the WAN is a good idea, and if possible require users to get a
VPN established to your colocation to utilize services, though outside of
an enterprise this is near impossible, but SSL-VPN technologies do make it
a lot easier.
-Eric
On Fri, 12 Oct 2007, Smith Jr, Harry E wrote:
> I spoofed the Name in the /etc/redhat-release to RH4. Everything worked
> fine.
>
>
> -------------------------------------------------------------
> Harry E Smith Jr.
> Senior Staff System Engineering
> (408) 473 6491 (work)
> (408) 888 5209 (cell)
> (877) 635 1529 (pager)
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> On Behalf Of Joe_Wulf
> Sent: Thursday, October 11, 2007 6:43 PM
> To: 'JP Vicente'; 'Matthew Lee Hinman'
> Cc: focus-linux (at) securityfocus (dot) com [email concealed]; Jay Beale
> Subject: RE: Linux Hardening
>
> That's pretty normal behavior, actually. RHEL5 (32 and 64 bit) reports
> this as well.
> Bastille has been developed for older versions of RHEL. A newer version
> of the OS has been published/released, but Bastille hasn't yet been
> updated.
>
> Do make sure you've got a compatible version of Perl-Tk installed along
> with bastille.
>
> R,
> -Joe Wulf, CISSP, USN(RET)
> Senior IA Engineer
> ProSync Technology Group, LLC
> www.prosync.com
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> On Behalf Of JP Vicente
> Sent: Thursday, October 11, 2007 17:04
> To: Matthew Lee Hinman
> Cc: focus-linux (at) securityfocus (dot) com [email concealed]
> Subject: RE: Linux Hardening
>
> Below is the exact error that I got when I ran Bastille on FC7 and
> RHEL5.
>
>
> [root@localhost ~]# InteractiveBastille
> ERROR: Couldn't determine Red Hat version! Setting to 9!
> ERROR: Couldn't determine Red Hat version! Setting to 9!
> ERROR: Couldn't determine Red Hat version! Setting to 9!
> NOTE: Valid display found; defaulting to Tk (X) interface.
> ERROR: Couldn't determine Red Hat version! Setting to 9!
> NOTE: Using Tk user interface module.
> ERROR: Couldn't determine Red Hat version! Setting to 9!
> NOTE: Only displaying questions relevant to the current
> configuration.
> ERROR: Couldn't determine Red Hat version! Setting to 9!
> ERROR: Could not load the 'Tk.pm' interface module.This may be due to
> an
> invalid $DISPLAY setting,or the module not being visible to
> Perl.
>
>
> -----Original Message-----
> From: Matthew Lee Hinman [mailto:matthew.hinman (at) gmail (dot) com [email concealed]]
> Sent: Thursday, October 11, 2007 4:21 PM
> To: JP Vicente
> Cc: focus-linux (at) securityfocus (dot) com [email concealed]
> Subject: Re: Linux Hardening
>
> The tool is still being actively developed and supported. 3.09 is indeed
> the latest verion (found here:
> http://bastille-linux.sourceforge.net/index.html)
> Can you give a little bit more info about how this isn't working on
> later versions of Linux? (like an error message, etc)
>
> - Lee
>
> * jvicente (at) asft (dot) net [email concealed] <jvicente (at) asft (dot) net [email concealed]> [2007-10-11 12:36:39 -0000]:
>
>> Hi,
>>
>>
>> I was looking for a Linux hardening tool. I found Bastille. The latest
>> = version
> that I was able to find is 3.09. I cannot seem to get this = version to
> work on later versions of Linux (RHEL 5, FC 6,7) = distributions.
>>
>>
>> Is this tool still being supported? Is there a similar tool out there?
>>
>>
>> Thanks in advance,
>>
>> JP
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.488 / Virus Database: 269.14.8/1063 - Release Date:
> 10/11/2007 9:11 AM
>
>
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.488 / Virus Database: 269.14.8/1063 - Release Date:
> 10/11/2007 9:11 AM
>
>
>
>
>
[ reply ]