Christian Schneider | 1 Jun 2002 01:31

Re: Linux Hardening

* Scott Gifford wrote:
> "Koen" <koen4security <at> hotmail.com> writes:
>
>> > Anyone know where I can find step-by-step documentation
>> > on Hardening RH Linux boxes?  I usually just use Bastille
>> > Linux to do the hardening but I'd also like a better
>> > understanding to be able to also perform the task manually
>> > as well.
>
> [...]
>
>> What I do first after installation is an 'rpm -qa > rpmfiles' and check out
>> every rpm that's in there and see whether I really do need it. If not it's
>> easily removed with rpm -e.
>
> Also:
>
> Be especially cautious of programs which have setuid/setgid
> permissions.  Use:
>
>      find /usr/bin \( -perm -02000 -o -perm -04000 \) -ls
> [ .. ]

If you really want to remove all SUID permissions you can make a
script. I wouldn't do this on any of my systems, but as I said earlier,
it is your system, so if you break it, don't say I didn't warn you about
doing this ;)
,----
| find / -type f \( -perm -04000 \) -exec /bin/chmod a-s {} \;
`----
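
An allowlist-based alternative to stripping every setuid bit, added here as an example and not part of the original post. The function names and the allowlist format (one absolute path per line) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit setuid/setgid files against a
# reviewed allowlist and clear the bits only on files that are not on it.
# Assumed allowlist format: one absolute path per line. Function names are
# made up for this example. Paths containing newlines are not handled.

# list_special DIR: regular files under DIR with the setuid or setgid bit.
# The \( \) grouping is required so -print applies to both -perm tests;
# -xdev keeps find on the filesystem DIR lives on.
list_special() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# unexpected DIR ALLOWLIST: special-bit files that are not on the allowlist.
unexpected() {
    [ -r "$2" ] || { echo "cannot read allowlist: $2" >&2; return 2; }
    # -x -F: whole-line, fixed-string match. grep exits 1 when nothing is
    # left to print, which is the clean result here, not an error.
    list_special "$1" | grep -v -x -F -f "$2" || [ "$?" -eq 1 ]
}

# strip_unexpected DIR ALLOWLIST: clear both bits on unexpected files only.
strip_unexpected() {
    unexpected "$1" "$2" | while IFS= read -r f; do
        chmod u-s,g-s -- "$f" && printf 'cleared %s\n' "$f"
    done
}

# Usage: script DIR ALLOWLIST [--apply]; without --apply it only reports.
if [ "$#" -ge 2 ]; then
    if [ "${3:-}" = "--apply" ]; then
        strip_unexpected "$1" "$2"
    else
        unexpected "$1" "$2"
    fi
fi
```

Run it in report mode first and review each path before adding it to the allowlist or passing `--apply`.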

dewt | 1 Jun 2002 01:48

Re: IP filter or netfilters??

On Thursday 30 May 2002 05:48 pm, Tejinder Singh wrote:
> Hello all,
>
> I was just wondering which is a better open source solution for Firewall,
> IPFILTER with BSD flavors (openbsd, freebsd), or NETFILTERS with Linux, can
> somebody please tell me the pluses and minuses of both.
>
> Thanks in Advance
> Tsingh
there really aren't any significant differences in their functionality at this 
stage. however there are some interesting netfilter modules starting to 
appear. if you are familiar with one over the other, go ahead with that one, 
or if you don't have any/many machines on which ipfilter runs, it might make 
more sense to keep things consistent and go with netfilter, or the other way 
around.

tc lewis | 1 Jun 2002 01:45

Re: IPtables question


perhaps the faq or one of the howto guides on
http://netfilter.samba.org/documentation/ will be of assistance.
good luck.

-tcl.

On Thu, 30 May 2002, Hristo Pandjarov wrote:

> I have trouble managing my IP tables. Could you please give me a site or
> manual for making a complete and secure firewall?
>
> Thanks
> $me

Dave Cooke | 1 Jun 2002 22:13

Re: Snort or Ethereal for a relative newbie?

In-Reply-To: <BAEBKBIMJFMJDDHPLBHKMEJLILAA.Don <at> AirLink.com>

Sounds like you don't have the correct version of Libpcap installed.
Snort requires an older version. I think .04.
I had the same problem on my RedHat 7.2 server. I had to download the
older version in order for snort to work.


Nir Aran | 1 Jun 2002 22:42

RE: Need a Full Drive Encryption program

Use PointSec. http://www.pointsec.com
You'll have both pre-boot and drive.
It's the best out there.
Supports certs and x.9.9

=TAnin

-----Original Message-----
From: Tim Donahue [mailto:TDonahue <at> haynesconstruction.com]
Sent: Friday, May 31, 2002 7:55 PM
To: 'Trotter, Brian'
Cc: security-basics <at> securityfocus.com
Subject: RE: Need a Full Drive Encryption program

Make sure that the execs don't keep the passwords written on a sheet of
paper in the laptop.  If they are anything like our execs then the
encryption won't do anything, because the key will be in the bag.

Tim Donahue

-----Original Message-----
From: Trotter, Brian [mailto:brian.trotter <at> scottishre.com] 
Sent: Thursday, May 30, 2002 3:19 PM
To: security-basics <at> securityfocus.com
Subject: Need a Full Drive Encryption program

Sorry, I meant to send this message to the Security list... not to you
individually.

The President of my company has tasked me with finding some way to keep the

Fatfinger | 1 Jun 2002 23:50

Re: windows 2000 Intrusion Detection

If you're looking for a host-level IDS, I would recommend Symantec Intruder
Alert....

----- Original Message -----
From: "Omar Khawaja" <omarkhawaja <at> yahoo.com>
To: <jonathan <at> tranceport.net>; <security-basics <at> securityfocus.com>
Sent: Friday, May 31, 2002 5:02 PM
Subject: RE: windows 2000 Intrusion Detection

> ISS realsecure
>
>
> -----Original Message-----
> From: Jonathan Roberts [mailto:jonathan <at> tranceport.net]
> Sent: Thursday, May 30, 2002 1:49 PM
> To: security-basics <at> securityfocus.com
> Subject: windows 2000 Intrusion Detection
>
>
> Could someone just outright come out and tell me what the best package
> for intrusion detection is for a windows 2000 box.
>
>
> cheers.
>
>   - jonathan
>
>


Muhammad Faisal Rauf Danka | 2 Jun 2002 00:59

Re: IPtables question

I have found the following document very informative regarding iptables.
http://www.linuxguruz.org/iptables/howto/iptables-HOWTO.html

Regards, 
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

Vice President
Pakistan Computer Emergency Response Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk

>On 30 May 2002, at 15:59, Hristo Pandjarov wrote:
>
> I have trouble managing my IP tables. Could you please give me a site
> or manual for making a complete and secure firewall?
> 
> Thanks
> $me


Rob Hughes | 2 Jun 2002 02:37

Re: IP filter or netfilters??

Er... ipfilter and ipfw both have had stateful inspection much longer
than netfilter. Plus, netfilter has the unfortunate handicap of only
running on linux, and I *absolutely will not trust linux to protect my
lan*! It's great for a lot of other things, but too many kernel level
vulnerabilities keep turning up. That and netfilter hasn't been around
for several years.

On Fri, 2002-05-31 at 12:22, Alejandro Flores wrote:
> 	Hello,
> 
> 	NETFILTER does Stateful Inspection. It's a great plus for a firewall.
> If you don't know about Stateful Inspection, tell us.
> 
> See ya,
> Alejandro Flores
> Security Consultant
> http://www.ipad.com.br/
> http://www.spyket.com.br/
> 
> 
> 
> > Hello all,
> > 
> > I was just wondering which is a better open source solution for Firewall, 
> > IPFILTER with BSD flavors (openbsd, freebsd), or NETFILTERS with Linux, can 
> > somebody please tell me the pluses and minuses of both.
> > 
> > Thanks in Advance
> > Tsingh
> 

Pinsky, Dan | 2 Jun 2002 20:48

remove apache os banner

I have apache 1.3.19. How do I remove the os banner, so when people try to
telnet into port 80 they don't find out what type of os I am running.

Daniel Pinsky, CNA, CCNA
Security/Network Administrator
mailto:dpinsky <at> richter.ca

brien mac | 3 Jun 2002 10:55

Re: IPtables question


----- Original Message -----
From: "Hristo Pandjarov" <pandjarov <at> hotmail.com>
Date: Thu, 30 May 2002 15:59:29 +0000
To: security-basics <at> securityfocus.com
Subject: IPtables question

> I have trouble managing my IP tables. Could you please give me a site or
> manual for making a complete and secure firewall?
> 
> Thanks
> $me

The best I've read is at http://people.unix-fu.org/andreasson/iptables-tutorial/iptables-tutorial.html