Search for security comparisons of hardened linux
This is a discussion on Search for security comparisons of hardened linux within the Linux Security forums, part of the System Security and Security Related category; Hello, I'm seaching for a serios security comparison between hardened linux distributions and linux hardening methods. It seems, that ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-12-2006
|
|||
|
|||
Search for security comparisons of hardened linux
Hello,
I'm seaching for a serios security comparison between hardened linux distributions and linux hardening methods. It seems, that hardened Gentoo would be the best one, but I have only one source and would like to verify it with another source. I know this methods: * Openwall * PaX (G) * SSP (G) * grsecurity (G) * LIDS * SELinux (G) * RSBAC (G) Hardened Gentoo implements all methods marked with (G). Can you help me? Bye, Mike -- Weil es die Lesbarkeit des Textes verschlechtert. > Warum ist TOFU so schlimm? >> TOFU >>> Was ist das groesste Aergernis im Usenet? 
|
|
04-12-2006
|
|||
|
|||
|
Re: Search for security comparisons of hardened linux
On Wed, 12 Apr 2006 16:41:43 +0200, M. Decker wrote:
> I'm seaching for a serios security comparison between hardened linux > distributions and linux hardening methods. > > It seems, that hardened Gentoo would be the best one, but I have only > one source and would like to verify it with another source. [Snip: a.o. LIDS, SELinux] You may also want to have look at Novell AppArmor (formerly of Immunix ?): http://en.opensuse.org/Apparmor ( And what ever happened to LOMAC?: http://opensource.sparta.com/lomac/ ) > Can you help me? Probably not. However maybe some web search will: http://distrowatch.com/search.php?ca...&status=Active http://www.cs.wright.edu/~pmateti/Li...cureLinux.html -- -Menno.
|
|
04-13-2006
|
|||
|
|||
|
Re: Search for security comparisons of hardened linux
M. Decker wrote:
> Hello, > > I'm seaching for a serios security comparison between hardened linux > distributions and linux hardening methods. > > It seems, that hardened Gentoo would be the best one, but I have only > one source and would like to verify it with another source. > > I know this methods: > * Openwall > * PaX (G) > * SSP (G) > * grsecurity (G) > * LIDS > * SELinux (G) > * RSBAC (G) > > Hardened Gentoo implements all methods marked with (G). > > Can you help me? http://www.cisecurity.org
|
|
04-13-2006
|
|||
|
|||
|
Re: Search for security comparisons of hardened linux
On Thu, 13 Apr 2006 02:56:34 +0000, base60 wrote:
> M. Decker wrote: >> I'm seaching for a serios security comparison between hardened linux >> distributions and linux hardening methods. http://linas.org/linux/secure.html >> It seems, that hardened Gentoo would be the best one, What "would be the best one" for you might differ from what is the best one for me. Same deal for any other article author. FWIW i'd look at like Adamantix (formerly trusted Debian) atleast: http://www.adamantix.org/ >> but I have only one source Can you post a link to it (or maybe just explain in more detail)? >> and would like to verify it with another source. >> >> I know this methods: >> * Openwall >> * PaX (G) >> * SSP (G) >> * grsecurity (G) >> * LIDS >> * SELinux (G) >> * RSBAC (G) >> >> Hardened Gentoo implements all methods marked with (G). >> >> Can you help me? > > http://www.cisecurity.org Thanks for that link, however what i read here: http://www.cisecurity.org/tools2/lin...hmark_v1.0.pdf "Slackware comes with two ftp servers * vsftpd (Very Secure File Transfer Protocol) proftpd (Professional File Transfer Protocol). Like telnet, the FTP protocol is unencrypted, which means passwords and other dat transmitted during the session can be captured by sniffing the network, and that the FT session itself can be hijacked by an external attacker." Lets see: menno@pc:~$ for f in /usr/sbin/*ftpd; do echo $f; readelf -a $f |grep -m1 SSL; done /usr/sbin/in.proftpd 080c4770 00000107 R_386_JUMP_SLOT 00000000 SSL_CTX_set_tmp_rsa_ca /usr/sbin/in.tftpd /usr/sbin/proftpd 080c4770 00000107 R_386_JUMP_SLOT 00000000 SSL_CTX_set_tmp_rsa_ca /usr/sbin/vsftpd 08063780 00000b07 R_386_JUMP_SLOT 00000000 SSL_get_rbio Here is how to configure them with SSL/TLS support: http://groups.google.com/group/comp....b2cca3d3814d58 -- -Menno.
|
|
04-13-2006
|
|||
|
|||
|
Re: Search for security comparisons of hardened linux
Thanks a lot both of you!
>>> It seems, that hardened Gentoo would be the best one, > > What "would be the best one" for you might differ from what is the best > one for me. Same deal for any other article author. You're right... Let me say: "would be my favourite" There are never best of all... Perhaps best in this case with that knowledge with my view, but never an ultimate best... >>> but I have only one source > > Can you post a link to it (or maybe just explain in more detail)? http://en.hakin9.org/ -> hackin9 magazine Nr. 2/2006 -> "Festung Linux" in german But it seems, there is no 2/2006 in English, yet... Bye -- Weil es die Lesbarkeit des Textes verschlechtert. > Warum ist TOFU so schlimm? >> TOFU >>> Was ist das groesste Aergernis im Usenet?
|
Linear Mode
