06-06-2008, 11:03 PM
"Filipe Brandenburger"

Hardening CentOS by removing "hacker" tools

Hi,

My boss asked me to harden a CentOS box by removing "hacker" tools,
such as nmap, tcpdump, nc (netcat), telnet, etc.

I would like to know which list of packages would you remove from a
base install. I would appreciate if someone could point me to a
"standard" way of doing this. I know there are procedures for
hardening a machine (I remember reading about Bastille Linux) but I
don't know how effective they are and if they include the removal of
such tools in their procedures.

Any advice would be very appreciated!

Thanks,
Filipe
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
06-06-2008, 11:09 PM
John R Pierce

Hardening CentOS by removing "hacker" tools

Filipe Brandenburger wrote:
> Hi,
>
> My boss asked me to harden a CentOS box by removing "hacker" tools,
> such as nmap, tcpdump, nc (netcat), telnet, etc.
>
> I would like to know which list of packages would you remove from a
> base install. I would appreciate if someone could point me to a
> "standard" way of doing this. I know there are procedures for
> hardening a machine (I remember reading about Bastille Linux) but I
> don't know how effective they are and if they include the removal of
> such tools in their procedures.



those are all client-side tools. if someone gains access to them,
the box is already hacked. how exactly does that harden it?


most all of those (certainly, nmap, tcpdump and telnet) are useful
diagnostic tools for troubleshooting network connectivity issues.





 
06-06-2008, 11:12 PM
Ruslan Sivak

Hardening CentOS by removing "hacker" tools

Filipe Brandenburger wrote:
> Hi,
>
> My boss asked me to harden a CentOS box by removing "hacker" tools,
> such as nmap, tcpdump, nc (netcat), telnet, etc.
>
> I would like to know which list of packages would you remove from a
> base install. I would appreciate if someone could point me to a
> "standard" way of doing this. I know there are procedures for
> hardening a machine (I remember reading about Bastille Linux) but I
> don't know how effective they are and if they include the removal of
> such tools in their procedures.
>
> Any advice would be very appreciated!
>
> Thanks,
> Filipe

I don't think that removing these tools would make the box any more
secure. If a hacker is able to get into the system through exploiting a
service, he can download the necessary tools or compile them himself.

I suggest starting by setting up the firewall to only have the necessary
ports open (which is usually already done), moving anything you can to a
non-standard port (especially things like ssh), and disabling any
unneeded services. You would be surprised how many attacks a public
server can get on standard ports like ssh. People will run scripts that
will just try to bruteforce a password, and can lead to DOS attacks,
especially on slower servers.

There are also tools, such as the ones that Rackspace installs, that
stop port scans. They basically detect port scans and add a firewall
rule to temporarily block that IP. Does anyone know what tool that is?

Also disabling remote login as root should help.

Russ
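
The two sshd settings Russ mentions (a non-standard port and no remote root login) can be checked directly in sshd_config. The Python audit below is an added example, not part of the original thread; the sample config, the function names and the `default_root_login` value (the OpenSSH default before 7.0) are assumptions.

```python
import re

# Constructed sample, modelled on a stock sshd_config with local edits.
SAMPLE_SSHD_CONFIG = """\
# Port 22
Port 2222
Protocol 2
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
Match User backup
    PermitRootLogin yes
"""

def effective_settings(text):
    """Return global settings as {keyword: [values]}, the way sshd reads them."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break                               # the rest applies conditionally
        if key == "port":
            settings.setdefault(key, []).append(value)   # Port may repeat
        else:
            settings.setdefault(key, [value])   # first value read wins
    return settings

def audit(text, default_root_login="yes"):
    """Flag root login and port 22; default_root_login is an assumption."""
    s = effective_settings(text)
    findings = []
    root = s.get("permitrootlogin", [default_root_login])[0].lower()
    if root != "no":
        findings.append("PermitRootLogin is '%s': remote root login allowed" % root)
    ports = s.get("port", ["22"])               # sshd listens on 22 if unset
    if "22" in ports:
        findings.append("sshd listens on the standard port 22")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD_CONFIG) or ["no findings"]:
        print(finding)
```

Because the first value read wins, a commented-out `#PermitRootLogin yes` followed later by `PermitRootLogin no` is effective, while a `no` placed after an earlier active `yes` is not.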


 
06-06-2008, 11:15 PM
Erik Bussink

Hardening CentOS by removing "hacker" tools

On Fri, 2008-06-06 at 19:03 -0400, Filipe Brandenburger wrote:
> Hi,
>
> My boss asked me to harden a CentOS box by removing "hacker" tools,
> such as nmap, tcpdump, nc (netcat), telnet, etc.
>
> I would like to know which list of packages would you remove from a
> base install. I would appreciate if someone could point me to a
> "standard" way of doing this. I know there are procedures for
> hardening a machine (I remember reading about Bastille Linux) but I
> don't know how effective they are and if they include the removal of
> such tools in their procedures.
>
> Any advice would be very appreciated!

Filipe,

Have a search on Google for NSA Hardening RHEL5, you will find a very
good document (pdf) which will help you start your hardening.

Regards,
Erik

 
06-06-2008, 11:24 PM
"Dennis McLeod"

Hardening CentOS by removing "hacker" tools

> They basically detect port
> scans and add a firewall rule to temporarily block that ip.
> Does anyone know what tool that is?
>
> Also disabling remote login as root should help.
>
> Russ


Fail2ban, is what you are looking for, I think....

http://www.fail2ban.org/wiki/index.php/Main_Page

Dennis

 
06-06-2008, 11:28 PM
Ruslan Sivak

Hardening CentOS by removing "hacker" tools

Dennis McLeod wrote:
> > They basically detect port
> > scans and add a firewall rule to temporarily block that ip.
> > Does anyone know what tool that is?
> >
> > Also disabling remote login as root should help.
> >
> > Russ
>
> Fail2ban, is what you are looking for, I think....
>
> http://www.fail2ban.org/wiki/index.php/Main_Page
>
> Dennis




Sweet, actually this looks more like what I wanted, but Rackspace said
it wasn't available. This bans the IPs if there are a lot of password
failures.

There is also another tool which bans IPs for port scans. I think it's
been discontinued, but perhaps there is another one out there?


Russ
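
As an added illustration that is not from the thread and is not fail2ban's own code, this Python example applies the rule Russ describes, banning an IP after repeated password failures, to constructed sshd log lines. The thresholds, function names and the log year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd's syslog format (/var/log/secure on CentOS).
SAMPLE_LOG = """\
Jun  6 23:01:02 web1 sshd[4101]: Failed password for root from 203.0.113.9 port 40111 ssh2
Jun  6 23:01:05 web1 sshd[4103]: Failed password for invalid user admin from 203.0.113.9 port 40115 ssh2
Jun  6 23:01:09 web1 sshd[4105]: Failed password for root from 203.0.113.9 port 40120 ssh2
Jun  6 23:02:30 web1 sshd[4110]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jun  6 23:02:41 web1 sshd[4110]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Jun  6 23:40:00 web1 sshd[4200]: Failed password for root from 203.0.113.9 port 40300 ssh2
"""

# The user name is client-supplied text, so the address is taken from the
# end of the line (greedy .+ and a trailing $), never from the name itself.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.+ from (\S+) port \d+ ssh2$"
)

def find_bans(log_text, max_failures=3, window=timedelta(minutes=10),
              ban_time=timedelta(minutes=10), year=2008):
    """Return [(ip, ban_start, ban_end)] for IPs reaching max_failures in window."""
    recent = defaultdict(deque)    # ip -> timestamps of recent failures
    banned_until = {}
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime("%d %s" % (year, m.group(1)), "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and when < banned_until[ip]:
            continue               # still banned; the firewall rule covers it
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()            # forget failures older than the window
        if len(q) >= max_failures:
            banned_until[ip] = when + ban_time
            bans.append((ip, when, banned_until[ip]))
            q.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print("ban %s from %s until %s" % (ip, start, end))
```

The ban is temporary: the failure at 23:40 from the same address is counted afresh because the earlier ban has expired.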

