Linux Archive


ESGLinux 02-01-2011 03:02 PM

tool to check security
 
Hi all,

I have received a machine with RHEL 5.1 installed and I have to put in a
production environment with other machines I have installed.

I haven't installed this machine and I want to check if it is secured and it
can't make problems with my systems.

Long time ago I used a tool that you run on a system (perhaps it was a
Suse... I used to work with Suse in the past) and it gave me a report for
possible security problems but I can't remember which tool was.

Anyone knows a tool that makes this work?

thanks in advance,

ESG
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Ben 02-01-2011 03:26 PM

tool to check security
 
On Tue, 1 Feb 2011, ESGLinux wrote:

> I have received a machine with RHEL 5.1 installed and I have to put in a
> production environment with other machines I have installed.
>
> I haven't installed this machine and I want to check if it is secured and
> it can't make problems with my systems.
>
> Long time ago I used a tool that you run on a system (perhaps it was a
> Suse... I used to work with Suse in the past) and it gave me a report for
> possible security problems but I can't remember which tool was.
>
> Anyone knows a tool that makes this work?


I'd probably download and try a Nessus locally.

Ben
--
Unix Support, MISD, University of Cambridge, England
Plugger of wire, typer of keyboard, imparter of Clue
Life Is Short. It's All Good.

02-01-2011 03:28 PM

tool to check security
 
ESGLinux wrote:
>
> I have received a machine with RHEL 5.1 installed and I have to put in a
> production environment with other machines I have installed.

First, I'd yum update or up2date it to the current 5.5 (5.6?).
>
> I haven't installed this machine and I want to check if it is secured and
> it can't make problems with my systems.
>
> Long time ago I used a tool that you run on a system (perhaps it was a
> Suse... I used to work with Suse in the past) and it gave me a report for
> possible security problems but I can't remember which tool was.
>
> Anyone knows a tool that makes this work?

There are a number of tools, but it depends on what you want to do with
the box. For example, nmap will scan ports. On the other hand, there's my
favorite, Bastille Linux, which is not a distro, but a package that's a
set of hardening scripts, and will walk you through shutting down or
removing everything you don't need. I've used that on a box I was using
for years as a firewall/router.

So, what do you want to do with the box?

mark


ESGLinux 02-01-2011 04:07 PM

tool to check security
 
Thank you for your answers

First, I can't update to 5.6 because of dependencies of the applications
installed on it.

Second,

I have run nessus and nmap from outside the machine to get the problems that
a remote user can check.

What I want now is to check the problems like:
- current kernel 2.6.18-53.el5 has potential security problems... (CVE,
....)
- the user John has not password and a valid shell....
- given a package which CVEs affects this package

Something like these.

I'm going to give a try to bastille although the tool I'm looking for was a
shell command....

Thanks again,

ESG
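
One of the checks asked for above (an account with no password and a valid shell), as an added example that is not part of the original thread. The function name, the `write_sample` helper and the sample accounts are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints "user:shell" for every account
# that has an empty password field and a shell that permits login.

empty_pw_logins() {
    passwd_file=$1
    shadow_file=$2
    awk -F: -v shadow="$shadow_file" '
        # shadow(5): an empty 2nd field means no password is required.
        FILENAME == shadow { if ($2 == "") empty[$1] = 1; next }
        {
            # passwd(5): an empty shell field defaults to /bin/sh.
            shell = ($7 == "") ? "/bin/sh" : $7
            # An empty 2nd field in passwd itself also means "no password".
            if ((($1 in empty) || $2 == "") && shell !~ /\/(nologin|false)$/)
                print $1 ":" shell
        }
    ' "$shadow_file" "$passwd_file"
}

# Constructed sample files (hypothetical accounts) so the check runs without root.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
john:x:500:500:John:/home/john:/bin/bash
svc:x:501:501:service:/var/svc:/sbin/nologin
legacy:x:502:502::/home/legacy:
alice:x:503:503::/home/alice:/bin/bash
guest::504:504::/home/guest:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$CONSTRUCTED$notarealhash:14000:0:99999:7:::
daemon:*:14000:0:99999:7:::
john::14000:0:99999:7:::
svc::14000:0:99999:7:::
legacy::14000:0:99999:7:::
alice:!!:14000:0:99999:7:::
EOF
}

# Demo on the constructed sample.
tmp=$(mktemp -d)
write_sample "$tmp"
empty_pw_logins "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

On a real host, run it as root against the live files: `empty_pw_logins /etc/passwd /etc/shadow`.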













02-01-2011 05:29 PM

tool to check security
 
ESGLinux wrote:
<snip>
> What I want now is to check the problems like:
> - current kernel 2.6.18-53.el5 has potential security problems... (CVE,
> ....)
> - the user John has not password and a valid shell....
> - given a package which CVEs affects this package
>
> Something like these.

Hmmm, there are things like chkrootkit, but I'm not sure of any one tool
that does all of this. Things like kernel potential security problems are
usually announced by RH, and an update is offered.
>
> I'm going to give a try to bastille although the tool I'm looking for was
> a shell command....
>
Bastille runs as a shell command, text or graphical mode.

mark


Rob DeSanno 02-01-2011 05:49 PM

tool to check security
 
I'm not at a PC right now but there is a yum plugin you can get and
run. I think it's called yum-security and will tell you maybe what you
are looking for.


"Paul M. Whitney" 02-01-2011 05:54 PM

tool to check security
 
ESG,

There are plenty of resources on the Internet that will provide the type of information you are seeking. A commercial tool that is popular and I imagine expensive is RETINA. It compares the content of your system against known vulnerabilities among other things. (http://www.eeye.com/Products/Retina.aspx?src=AdWords&medium=PPC&campaign=brand-retina&kw=retina%20vulnerability%20scanner&ad=5752100123)

You can also look at NIST web pages for SCAP and OVAL for tools that may help you with securing your system. And while I would not recommend following it to the letter, there is a huge amount of tips and suggestions in the NSA SNAC Guide available here:
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

You may also want to consider reading up on the NIST Common Criteria/Protection Profiles that companies such as HP and IBM have developed to secure their systems with an Evaluated Assurance Level of 4 (EAL4).

Lastly, not upgrading your system to the latest RHEL release is going to negate any efforts you apply to this system because there have been many updates to the OS that mitigate a great deal of these vulnerabilities.

Hopefully all the input provided to this point will give you plenty to work with.

Paul





02-01-2011 06:10 PM

tool to check security
 
Paul M. Whitney wrote:
<snip>
> You can also look at NIST web pages for SCAP and OVAL for tools that may
> help you with securing your system. And while I would not recommend
> following it to the letter, there is a huge amount of tips and suggestions
> in the NSA SNAC Guide available here:
> http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf
>
> You may also want to consider reading up on the NIST Common
> Criteria/Protection Profiles that companies such as HP and IBM have
> developed to secure their systems with an Evaluated Assurance Level of 4
> (EAL4).
<snip>
Heh - a lot of the NIST recommendations actually either use, or refer to
(I forget) Bastille Linux.

mark


ESGLinux 02-02-2011 07:31 AM

tool to check security
 
Thank you all for your answers,

I have a lot of things to do now.

For the moment I'm trying to install Bastille (I'm having problems with
perl...)

Thanks again,

ESG




ESGLinux 02-02-2011 05:10 PM

tool to check security
 
Very cool tool!!!

It works very well


Greetings,

ESG



2011/2/2 Mauro Risonho de Paula Assumpção <mauro.risonho@gmail.com>

> My tool HardeningOne (GPL) http://sourceforge.net/projects/hardeningone/
>
> Only Portuguese yet
>
> @firebitsbr
>

