Re: Hardening Fedora...


Hi,

I know that someone posted it before, but I couldn't find any references
to a Tripwire substitute.

I remember that someone asked it before and someone answered, but I
couldn't find it.

Thanks for any help.

[]'s


On Sun, Apr 25, 2004 at 05:30:49PM +0200, Alexander Dalloz wrote:
> On Sun, 25.04.2004, Peter Santiago wrote at 16:46:
> 
> > Hi Alexander,
> > 
> > Well,  by hardening, I mean, enhancing the security of my Fedora
> > installation.  I'm just doing this to gain more experience in setting up
> > Linux boxes.  I could install Fedora Core 2 test release (kernel 2.6.3
> > with SELinux), but I'd rather want to see what I can achieve using Bastille
> > or other methods to make a fedora installation more secure... =^^=  Hope I
> > didn't sound way out of my depth....
> 
> > Peter Santiago         peters@xxxxxxxxxxxxxxx
> 
> Ok Peter,
> 
> on a test machine and for learning purposes Bastille might be one way to
> understand better which problem in security might appear. Taking the RPM
> version I would be cautious there is no comment how good it fits for
> Fedora.
> 
> Maybe Bastille is helpful for a Linux beginner to understand some risks
> and learn some "switches" for a valid security. In general I doubt it
> improves security at all if you did not already do something bad with
> your Fedora installation.
> 
> It's not that easy to suggest anything specific as the range of possible
> experience in Linux administration is wide and there are lots of topics
> you might care about. Given that you did not accidentally open up your
> system into an insecure state (like using telnet server across WAN
> connections, giving users too much permissions with i.e. suid, setting
> your mail server being an open relay ...) there are several concepts and
> tools to "improve security". Will say, put the administrator/root into a
> situation where he gets non standard information about trials hacking
> the system or on the other side by prohibition of specific actions. That
> may take place with:
> - setting up a good set of iptables rules, securing the services you
> need, and after switching off services you do not need but which run by
> default (like on many Fedora installations the portmapper on port 111 is
> open to the worldwide net)
> - controlling network/host scanning with portsentry or psad
> - restricting user and even root permissions by using kernel based
> policy sets: SELinux or grsecurity
> - restricting permissions and information of the administrator by using
> an IDS like lids (kernel based too)
> 
> All that said, the cost of all that is time and effort to manage these
> things: you do not need just one time setup but all security functions
> need constant administration and control.
> 
> I do not know whether that helps you seeing a bit clearer what you
> consider to try. In any case it is good to care for security and it is
> even worth to take a test machine/installation and to test the available
> tools and switches. And certainly there are good books on the market -
> not Fedora specific, but for all Linux users/admins - which cover this
> topic; i.e. Linux Administration by O'Reilly.
> 
> Alexander
> 
> 
> -- 
> Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
> Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2179.nptl
> Sirendipity 17:04:37 up 6 days, 23:50, load average: 0.06, 0.22, 0.28 
>                    [ ?????????? ??'?????????? - gnothi seauton ]
>              my life is a planetarium - and you are the stars





-- 
Nelson Guedes Paulo Junior   
E-mail:  <npaulo@xxxxxxxxxxxxxxxx>   UIN: 2489382 (Tender [:alpha:]*)
--------------------------------------------------------------------------------
I dig, you dig, he digs, we dig, you dig, they dig...
It's not pretty, but it's deep.
--------------------------------------------------------------------------------
"Statistics is a way of torturing numbers until they confess!"
--------------------------------------------------------------------------------
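
Added example, not part of the original thread: one way to check for the exposure described in the quoted reply (services you do not need, such as the portmapper on port 111, listening to the whole network) by parsing `netstat -tuln` output. The sample output, the function names and the set of needed ports are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `netstat -tuln` output (not taken from a real host).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::111                  :::*                    LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
"""

def parse_listeners(text):
    """Yield (proto, address, port) for each TCP LISTEN and UDP socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        proto = fields[0]
        if proto.startswith("tcp") and fields[-1] != "LISTEN":
            continue  # an established connection is not a listener
        # ":::111" splits into address "::" and port "111"
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield proto, addr, int(port)

def is_loopback(addr):
    """True only for addresses that other hosts cannot reach."""
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return False  # "*" or unparseable: report it so it gets reviewed

def exposed_listeners(text, needed_ports):
    """Sockets bound to a non-loopback address on a port not marked as needed."""
    return sorted({
        (proto, addr, port)
        for proto, addr, port in parse_listeners(text)
        if not is_loopback(addr) and port not in needed_ports
    })

if __name__ == "__main__":
    # Assumption: only SSH (22) is meant to be reachable from the network.
    for proto, addr, port in exposed_listeners(SAMPLE, needed_ports={22}):
        print(f"review: {proto} listener on {addr or '*'} port {port}")
```

Each reported socket is a candidate for being switched off, bound to loopback, or covered by an iptables rule.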


