My boss asked me to harden a CentOS box by removing "hacker" tools,
such as nmap, tcpdump, nc (netcat), telnet, etc.
I would like to know which list of packages would you remove from a
base install. I would appreciate if someone could point me to a
"standard" way of doing this. I know there are procedures for
hardening a machine (I remember reading about Bastille Linux) but I
don't know how effective they are and if they include the removal of
such tools in their procedures.
Any advice would be very appreciated!
Thanks,
Filipe
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
06-06-2008, 11:09 PM
John R Pierce
Hardening CentOS by removing "hacker" tools
Filipe Brandenburger wrote:
Hi,
My boss asked me to harden a CentOS box by removing "hacker" tools,
such as nmap, tcpdump, nc (netcat), telnet, etc.
I would like to know which list of packages would you remove from a
base install. I would appreciate if someone could point me to a
"standard" way of doing this. I know there are procedures for
hardening a machine (I remember reading about Bastille Linux) but I
don't know how effective they are and if they include the removal of
such tools in their procedures.
those are all client-side tools. if someone gains access to them,
the box is already hacked. how exactly does that harden it?
most all of those (certainly, nmap, tcpdump and telnet) are useful
diagnostic tools for troubleshooting network connectivity issues.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
06-06-2008, 11:12 PM
Ruslan Sivak
Hardening CentOS by removing "hacker" tools
Filipe Brandenburger wrote:
Hi,
My boss asked me to harden a CentOS box by removing "hacker" tools,
such as nmap, tcpdump, nc (netcat), telnet, etc.
I would like to know which list of packages would you remove from a
base install. I would appreciate if someone could point me to a
"standard" way of doing this. I know there are procedures for
hardening a machine (I remember reading about Bastille Linux) but I
don't know how effective they are and if they include the removal of
such tools in their procedures.
Any advice would be very appreciated!
Thanks,
Filipe
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
I don't think that removing these tools would make the box any more
secure. If a hacker is able to get into the system through exploiting a
service, he can download the necessary tools or compile them himself.
I suggest to start setting up the firewall to only have the necessary
ports open (which is usually already done), moving anything you can to a
non standard port (especially things like ssh), and disabling any
unneeded services. You would be surprised how many attacks a public
server can get on standard ports like ssh. People will run scripts that
will just try to bruteforce a password, and can lead to DOS attacks,
especially on slower servers.
There are also tools, such as the ones that rackspace installs, that
stop port scans. They basically detect port scans and add a firewall
rule to temporarily block that ip. Does anyone know what tool that is?
Also disabling remote login as root should help.
Russ
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
06-06-2008, 11:15 PM
Erik Bussink
Hardening CentOS by removing "hacker" tools
On Fri, 2008-06-06 at 19:03 -0400, Filipe Brandenburger wrote:
> Hi,
>
> My boss asked me to harden a CentOS box by removing "hacker" tools,
> such as nmap, tcpdump, nc (netcat), telnet, etc.
>
> I would like to know which list of packages would you remove from a
> base install. I would appreciate if someone could point me to a
> "standard" way of doing this. I know there are procedures for
> hardening a machine (I remember reading about Bastille Linux) but I
> don't know how effective they are and if they include the removal of
> such tools in their procedures.
>
> Any advice would be very appreciated!
Filipe,
Have a search on google for NSA Hardening RHEL5, you will find a very
good document (pdf) which will help you start you're hardening.
Regards,
Erik
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
06-06-2008, 11:24 PM
"Dennis McLeod"
Hardening CentOS by removing "hacker" tools
They basically detect port
> scans and add a firewall rule to temporarily block that ip.
> Does anyone know what tool that is?
>
> Also disabling remote login as root should help.
>
> Russ
Fail2ban, is what you are looking for, I think....
http://www.fail2ban.org/wiki/index.php/Main_Page
Dennis
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
06-06-2008, 11:28 PM
Ruslan Sivak
Hardening CentOS by removing "hacker" tools
Dennis McLeod wrote:
They basically detect port
scans and add a firewall rule to temporarily block that ip.
Does anyone know what tool that is?
Also disabling remote login as root should help.
Russ
Fail2ban, is what you are looking for, I think....
http://www.fail2ban.org/wiki/index.php/Main_Page
Dennis
____________________________________________
Sweet, actually this looks more like what I wanted, but rackspace said
wasn't available. This bans the ips if there are a lot of password
failures.
There is also another tool which bans ips for port scans. I think it's
been discontinued, but perhaps there is another one out there?
Russ
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Hardening CentOS by removing "hacker" tools
