, Hi, I know that someone posted it before, but I couldn't find any references to a Tripwire substitute. I remember that someone asked it before and someone answerer, but I couldn't ffind. Thanks for any help. []'s On Sun, Apr 25, 2004 at 05:30:49PM +0200, Alexander Dalloz wrote: > Am So, den 25.04.2004 schrieb Peter Santiago um 16:46: > > > Hi Alexander, > > > > Well, by hardening, I mean, enhancing the security of my Fedora > > installation. I'm just doing this to gain more experience in setting up > > Linuxes boxes. I could install Fedora Core 2 test release (kernel 2.6.3 > > with SELinux), but I'd rather want to see what I can achieve using Bastille > > or other methods to make a fedora installation more secure... =^^= Hope I > > didn't sound way out of my depth.... > > > Peter Santiago peters@xxxxxxxxxxxxxxx > > Ok Peter, > > on a test machine and for learning purposes Bastille might be one way to > understand better which problem in security might appear. Taking the RPM > version I would be cautious there is no comment how good it fits for > Fedora. > > Maybe Bastille is helpful for a Linux beginner to understand some risks > and learn some "switches" for a valid security. In general I doubt it > improves security at all if you did not already did something bad with > your Fedora installation. > > It's not that easy to suggest anything specific as the range of possible > experience in Linux administration is wide and there are lots of topic > you might care about. Given that you did not accidentally open up your > system into an insecure state (like using telnet server across WAN > connections, giving users too much permissions with i.e. suid, setting > your mail server being an open relay ...) there are several concepts and > tools to "improve security". Will say, put the administrator/root into a > situation where he gets non standard information about trials hacking > the system or on the other side by prohibition of specific actions. That > may take place with: > -setting up a good set of iptables rules, securing the services you > need, and after switching off services you do not need but which run by > default (like on many Fedora installations the portmapper on port 111 is > open to the worldwide net) > - controlling network/host scanning with portsentry or psad > - restricting user and even root permissions by using kernel based > policy sets: SELinux or grsecurity > - restricting permissions and information of the administrator by using > an IDS like lids (kernel based too) > > All that said, the costs of all that is time and efforts to manage these > things: you do not need just one time setup but all security functions > need constant administration and control. > > I do not know whether that helps you seeing a bit clearer what you > consider to try. In any case it is good to care for security and it is > even worth to take a test machine/installation and to test the available > tools and switches. And certainly there are good books on the market - > not Fedora specific, but for all Linux users/admins - which cover this > topic; i.e. Linux Administration by O'Reilly. > > Alexander > > > -- > Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 > Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2179.nptl > Sirendipity 17:04:37 up 6 days, 23:50, load average: 0.06, 0.22, 0.28 > [ ?????????? ??'?????????? - gnothi seauton ] > my life is a planetarium - and you are the stars > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list -- Nelson Guedes Paulo Junior E-mail: <npaulo@xxxxxxxxxxxxxxxx> UIN: 2489382 (Tender [:alpha:]*) -------------------------------------------------------------------------------- Eu cavo, tu cavas, ele cava, nós cavamos, vós cavais, eles cavam... Não é bonito, mas é profundo. -------------------------------------------------------------------------------- "A estatística é uma maneira de se torturar os números até que eles confessem!" --------------------------------------------------------------------------------
