LinuxQuestions.org


jeremy 12-21-2011 04:05 PM

Host Security Application of the Year
 
What's your favorite host-based security tool?

--jeremy

weirdwolf 01-02-2012 11:06 PM

Rootkit Hunter, not that it gets used a lot.

Uluru 01-03-2012 02:25 AM

Sorry, yes, none of these get used "a lot" in my world.

Then again, as we Linux users communicate with Windows users, I feel we have a responsibility to 'keep clean'.

I have installed, and have at times used Avast! for Linux (Free), as insurance.
http://www.avast.com/linux-home-edition

Then again, there is a case that Windows users would supposedly be well secured just by the nature of their hostile environment, so nothing installed from the list at the moment!

JohnV2 01-03-2012 08:31 PM

Bastille, are you sure? I think it is dead... SNARE maybe would be here... Is Osiris still alive? I haven't used it in a long time since I changed to OSSEC. My vote is for OSSEC; certainly I used AIDE too.

metalaarif 01-04-2012 05:48 AM

Oh man, I was searching for this because currently I'm working on AIDE, Samhain and OSSEC.

To be honest, AIDE is really good but it's old, and then it comes to Samhain and OSSEC.
Personally, both of them are good and have a centralised server that monitors its clients.

As far as I'm familiar, I would choose Samhain, and OSSEC is not that user-friendly.
But let's not forget SELinux as well, but I vote for Samhain...

Gomer_X 01-04-2012 04:24 PM

I like SELinux. So many people see it as just a hassle and turn it off, but if you take the time to learn it, it's a useful tool.

SELinux is useful to me because it forces me to think through things and secure things in a way that makes sense. SELinux doesn't so much prevent intrusion as much as it forces me to set up services in a way that is secure in the first place. If you do something stupid, SELinux will most likely catch it.

gfmtech05 01-05-2012 11:40 AM

Quote:

Originally Posted by Gomer_X (Post 4566193)
I like SELinux. So many people see it as just a hassle and turn it off, but if you take the time to learn it, it's a useful tool.

SELinux is useful to me because it forces me to think through things and secure things in a way that makes sense. SELinux doesn't so much prevent intrusion as much as it forces me to set up services in a way that is secure in the first place. If you do something stupid, SELinux will most likely catch it.

I really tried learning SELinux. I just can't wrap my head around the conceptualization the wiki and SELinux book from the wiki feed you. This nonsense about recipes... it makes it harder to translate to practical working knowledge.

However if you know a better source then I would most definitely take another look since I do happen to like SELinux.

Gomer_X 01-05-2012 01:38 PM

Quote:

Originally Posted by gfmtech05 (Post 4567104)
I really tried learning SELinux. I just can't wrap my head around the conceptualization the wiki and SELinux book from the wiki feed you. This nonsense about recipes... it makes it harder to translate to practical working knowledge.

It's hard to say what resources I used to learn SELinux. I've been running it since Fedora core 2.

It's mostly just about contexts. The context on the file must match what you're doing with the file.

You might try running SELinux in non-enforcing mode ('setenforce 0') and examine file contexts. Do this with 'ls -Z'. For instance everything in /var/www/html has the context:

system_u:object_r:httpd_sys_content_t:s0

The last part is usually the only thing that's important: 'httpd_sys_content_t'. Apache can't serve any content that doesn't have this type set, even if it has read access. If you copy a file to /var/www/html, context should be set for you automatically. If not, you can do 'chcon <file> -t httpd_sys_content_t' to fix it. Or you can do 'restorecon <file>' to set the context to whatever is appropriate for the directory it's in.

Other than contexts, there are boolean variables that you need to mess with very occasionally. For instance if you want your ftp server to be able to allow anonymous users to save files you need to do 'setsebool allow_ftpd_anon_write 1'. To find ftp related booleans, do 'getsebool -a | grep ftp'. They're usually pretty self explanatory.

That's most of what you need to know. If you check the logs (/var/log/secure on Red Hat/CentOS) it'll help with problems as well.
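As an added example (not from this thread or any poster), the check below parses 'ls -Z'-style output, splits each context into its user:role:type:level fields, and flags files whose type is not the one expected for the directory, printing the restorecon/chcon fix described above. The sample 'ls -Z' lines and file names are constructed for the example.

```shell
#!/bin/sh
# Added example: find files under a web root whose SELinux type does not match
# the type Apache needs (httpd_sys_content_t), using ls -Z style input.

# Constructed sample of what 'ls -Z /var/www/html' might print; the file names
# and contexts are made up for this example.
SAMPLE_LS_Z='system_u:object_r:httpd_sys_content_t:s0 index.html
unconfined_u:object_r:user_home_t:s0 uploaded.html
system_u:object_r:httpd_sys_content_t:s0 style.css'

# selinux_type CONTEXT -> prints the type field, i.e. the third colon-separated
# field of user:role:type:level.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# check_contexts EXPECTED_TYPE   (reads ls -Z lines on stdin)
# Prints "<file> <actual_type>" for every mislabelled file; returns 1 if any
# file was mislabelled, 0 otherwise.
check_contexts() {
    expected="$1"
    bad=0
    while read -r ctx file; do
        [ -n "$ctx" ] || continue
        actual=$(selinux_type "$ctx")
        if [ "$actual" != "$expected" ]; then
            printf '%s %s\n' "$file" "$actual"
            bad=1
        fi
    done
    return $bad
}

# Number of mislabelled files in the constructed sample.
sample_mislabelled_count() {
    printf '%s\n' "$SAMPLE_LS_Z" | check_contexts httpd_sys_content_t | wc -l | tr -d ' '
}

# Run on the sample and print the fix the thread suggests for each hit.
report=$(printf '%s\n' "$SAMPLE_LS_Z" | check_contexts httpd_sys_content_t) || true
if [ -n "$report" ]; then
    printf 'Mislabelled files (type != httpd_sys_content_t):\n%s\n' "$report"
    printf 'Fix with: restorecon -v <file>  (or chcon -t httpd_sys_content_t <file>)\n'
fi
```

On a real system, replace the sample with 'ls -Z /var/www/html | check_contexts httpd_sys_content_t'.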

gotfw 01-08-2012 09:00 PM

+1 for Samhain. I've been using it for many years now and I think it's the best at what it does.

LauMars 01-12-2012 07:57 AM

What about things like Fail2ban?

I know it's basic compared to many suites, but its power is in its simplicity.

[edit]

Just spotted there's another category with fail2ban in it....

xev 01-19-2012 07:37 AM

Never used any, skip.

savotije 02-06-2012 01:07 PM

Tripwire

Satyaveer Arya 02-08-2012 11:54 AM

Always SELinux, as I use Red Hat and it's best for support.
