Focus on Linux
Linux Hardening Oct 11 2007 12:36PM
jvicente asft net (4 replies)
Re: Linux Hardening Nov 24 2009 04:19PM
Tony Murphy (tmurphy trustedcs com)
Re: Linux Hardening Oct 13 2007 04:06AM
Jure Krasovic (jure krasovic lusp com) (2 replies)
Re: Linux Hardening Oct 17 2007 02:48PM
Liran Cohen (theog rct co il)
RE: Linux Hardening Oct 16 2007 09:02PM
rchamberland (rchamberland chs ca) (1 replies)
RE: Linux Hardening Oct 17 2007 02:18PM
Jackson, Ben (ITD) (Ben Jackson state ma us)
Re: Linux Hardening Oct 12 2007 06:10AM
Nikhil Wagholikar (visitnikhil gmail com) (1 replies)
Re: Linux Hardening Oct 12 2007 04:36PM
Sonixxfx (sonixxfx gmail com)
Re: Linux Hardening Oct 11 2007 08:21PM
Matthew Lee Hinman (matthew hinman gmail com) (2 replies)
RE: Linux Hardening Oct 11 2007 11:58PM
Joe_Wulf (Joe_Wulf yahoo com) (1 replies)
RE: Linux Hardening Oct 17 2007 06:18AM
Uzair Hashmi (uzair kse com pk)
RE: Linux Hardening Oct 11 2007 09:03PM
JP Vicente (jvicente asft net) (3 replies)
Re: Linux Hardening Oct 17 2007 09:53PM
David Francos Cuartero (XayOn) (yo orco gmail com)
Re: Linux Hardening Oct 12 2007 02:04AM
Matthew Lee Hinman (matthew hinman gmail com)
RE: Linux Hardening Oct 12 2007 01:43AM
Joe_Wulf (Joe_Wulf yahoo com) (1 replies)
RE: Linux Hardening Oct 12 2007 04:08PM
Smith Jr, Harry E (harry e smith jr lmco com) (1 replies)
RE: Linux Hardening Oct 12 2007 05:54PM
druid stonedcoder org
I would take a serious look at gentoo-hardened, modern system hardening
includes things like applying patches to the kernel to utilize canary
values to detect memory based attacks, inserting random spacing so memory
addresses commonly used to exploit an executable are harder to hit, making
sure users can not see other users processes, and then all kinds of
service specific stuff depending on what kind of services you want to run.
The gentoo hardened project has taken a more holistic approach, though the
learning curve on installing/using gentoo is a lot sharper then redhat.

Also don't forget the basics of making sure every service that provides
any type of authentication has a lockout defined to thwart brute forcing,
and that you are enforcing password complexity rules. Also disabling root
login from the WAN is a good idea, and if possible require users to get a
VPN established to your colocation to utilize services, though outside of
an enterprise this is near impossible, but SSL-VPN technologies do make it
a lot easier.

-Eric

On Fri, 12 Oct 2007, Smith Jr, Harry E wrote:

> I spoofed the Name in the /etc/redhat-release to RH4. Everything worked
> fine.
>
>
> -------------------------------------------------------------
> Harry E Smith Jr.
> Senior Staff System Engineering
> (408) 473 6491 (work)
> (408) 888 5209 (cell)
> (877) 635 1529 (pager)
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> On Behalf Of Joe_Wulf
> Sent: Thursday, October 11, 2007 6:43 PM
> To: 'JP Vicente'; 'Matthew Lee Hinman'
> Cc: focus-linux (at) securityfocus (dot) com [email concealed]; Jay Beale
> Subject: RE: Linux Hardening
>
> That's pretty normal behavior, actually. RHEL5 (32 and 64 bit) reports
> this as well.
> Bastille has been developed for older versions of RHEL. A newer version
> of the OS has been published/released, but Bastille hasn't yet been
> updated.
>
> Do make sure you've got a compatible version of Perl-Tk installed along
> with bastille.
>
> R,
> -Joe Wulf, CISSP, USN(RET)
> Senior IA Engineer
> ProSync Technology Group, LLC
> www.prosync.com
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> On Behalf Of JP Vicente
> Sent: Thursday, October 11, 2007 17:04
> To: Matthew Lee Hinman
> Cc: focus-linux (at) securityfocus (dot) com [email concealed]
> Subject: RE: Linux Hardening
>
> Below is the exact error that I got when I ran Bastille on FC7 and
> RHEL5.
>
>
> [root@localhost ~]# InteractiveBastille
> ERROR: Couldn't determine Red Hat version! Setting to 9!
> ERROR: Couldn't determine Red Hat version! Setting to 9!
> ERROR: Couldn't determine Red Hat version! Setting to 9!
> NOTE: Valid display found; defaulting to Tk (X) interface.
> ERROR: Couldn't determine Red Hat version! Setting to 9!
> NOTE: Using Tk user interface module.
> ERROR: Couldn't determine Red Hat version! Setting to 9!
> NOTE: Only displaying questions relevant to the current
> configuration.
> ERROR: Couldn't determine Red Hat version! Setting to 9!
> ERROR: Could not load the 'Tk.pm' interface module.This may be due to
> an
> invalid $DISPLAY setting,or the module not being visible to
> Perl.
>
>
> -----Original Message-----
> From: Matthew Lee Hinman [mailto:matthew.hinman (at) gmail (dot) com [email concealed]]
> Sent: Thursday, October 11, 2007 4:21 PM
> To: JP Vicente
> Cc: focus-linux (at) securityfocus (dot) com [email concealed]
> Subject: Re: Linux Hardening
>
> The tool is still being actively developed and supported. 3.09 is indeed
> the latest verion (found here:
> http://bastille-linux.sourceforge.net/index.html)
> Can you give a little bit more info about how this isn't working on
> later versions of Linux? (like an error message, etc)
>
> - Lee
>
> * jvicente (at) asft (dot) net [email concealed] <jvicente (at) asft (dot) net [email concealed]> [2007-10-11 12:36:39 -0000]:
>
>> Hi,
>>
>>
>> I was looking for a Linux hardening tool. I found Bastille. The latest
>> = version
> that I was able to find is 3.09. I cannot seem to get this = version to
> work on later versions of Linux (RHEL 5, FC 6,7) = distributions.
>>
>>
>> Is this tool still being supported? Is there a similar tool out there?
>>
>>
>> Thanks in advance,
>>
>> JP
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.488 / Virus Database: 269.14.8/1063 - Release Date:
> 10/11/2007 9:11 AM
>
>
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.488 / Virus Database: 269.14.8/1063 - Release Date:
> 10/11/2007 9:11 AM
>
>
>
>
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus