|
Rod Hauser wrote: Bastille is a good tool, as well as a good learning experience. So is the CISecurity benchmark http://www.cisecurity.org/bench_linux.html which is particularly designed to be non-invasive tools. Neither one will make your system bullet-proof, but both will help you keep from being the lowest-hanging fruit to be attacked. Rod RedHat have phased out Tripwire from their
EL range. They tout the use of 'RPM -V [options] [filename]' It does a
fairly decent job - if you only use RPMs for your package
installations. However - if you're aiming at hard security it would be
wise to only use base distro releases in the first case and harldy ever
compiled from archived in the second. The return values take a moment
to decipher and as of yet I haven't tried getting a cron job enabled to
do this and report anything back - although this shouldn't take very
long if one needed to.
neil. |
