LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > 2011 LinuxQuestions.org Members Choice Awards
User Name
Password
2011 LinuxQuestions.org Members Choice Awards This forum is for the 2011 LinuxQuestions.org Members Choice Awards.
You can now vote for your favorite products of 2011. This is your chance to be heard! Voting ends on February 9th.


Notices



Poll: Host Security Application of the Year
Poll Options
Host Security Application of the Year

You must log in and have one post to vote in this poll. If you don't have an account, you can register here.
Results will be available after the polls close.

The nominees are:

SELinux
Rootkit Hunter
chkrootkit
Tripwire
Bastille
AppArmor
AIDE
grsecurity
OSSEC
Samhain
Osiris
TOMOYO
Lynis

Reply
 
Search this Thread
Old 12-21-2011, 05:05 PM   #1
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,624

Rep: Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657
Host Security Application of the Year


What's your favorite host-based security tool?

--jeremy
 
Old 01-03-2012, 12:06 AM   #2
weirdwolf
Member
 
Registered: Jun 2007
Location: 1 AU from a G2V star
Distribution: PCLinuxOS LXDE
Posts: 118

Rep: Reputation: 202Reputation: 202Reputation: 202
Rootkit Hunter, not that it gets used a lot.
 
Old 01-03-2012, 03:25 AM   #3
Uluru
LQ Newbie
 
Registered: Dec 2005
Location: Australia
Distribution: PCLinuxOS (KDE 4.6.5) MiniMe 2011.09
Posts: 13

Rep: Reputation: 1
Sorry, yes none of these get used "A Lot", in my world.

Then again, as we Linux User's communicate with Window's Users I feel we have a responsibility to 'keep clean'.

I have installed, and have at times used Avast! for Linux (Free), as insurance.
http://www.avast.com/linux-home-edition

Then again there is a case that Window's users would supposedly be well secured just by the nature of their hostile environment, so nothing installed from the list at the moment !

Last edited by Uluru; 01-03-2012 at 03:28 AM.
 
Old 01-03-2012, 09:31 PM   #4
JohnV2
Member
 
Registered: Oct 2011
Distribution: Slackware
Posts: 66

Rep: Reputation: Disabled
Bastille you sure? I think is dead...SNARE may be would be here... Osiris still alive? I don't use in a long time since I changed to OSSEC. My vote is for OSSEC, certainly I used AIDE too.

Last edited by JohnV2; 01-03-2012 at 09:35 PM. Reason: I forget something.
 
Old 01-04-2012, 06:48 AM   #5
metalaarif
Member
 
Registered: Oct 2011
Location: Nepal
Distribution: RHEL, CentOS, Slackware
Posts: 127
Blog Entries: 1

Rep: Reputation: 2
Ohh! man I was searching for this because currently I'm working on AIDE, Samhain and OSSEC

To be honest AIDE is really good but it's old and it comes to Samhain and OSSEC.
Personally both of them are good and have centralised server and monitor it's client.

As far as I'm familiar. I would choose samhain and OSSEC is not that user friendly.
But let's not forget SElinux as well but I vote for samhain......
 
Old 01-04-2012, 05:24 PM   #6
Gomer_X
LQ Newbie
 
Registered: Jan 2012
Location: Ohio
Distribution: Debian, CentOS, Fedora, LFS
Posts: 24

Rep: Reputation: Disabled
I like SELinux. So many people see it as just a hassle and turn it off, but if you take the time to learn it, it's a useful tool.

SELinux is useful to me because it forces me to think through things and secure things in a way that makes sense. SELinux doesn't so much prevent intrusion as much as it forces me to set up services in a way that is secure in the first place. If you do something stupid, SELinux will most likely catch it.
 
Old 01-05-2012, 12:40 PM   #7
gfmtech05
LQ Newbie
 
Registered: Apr 2011
Location: United States
Distribution: Debian
Posts: 24

Rep: Reputation: 7
Quote:
Originally Posted by Gomer_X View Post
I like SELinux. So many people see it as just a hassle and turn it off, but if you take the time to learn it, it's a useful tool.

SELinux is useful to me because it forces me to think through things and secure things in a way that makes sense. SELinux doesn't so much prevent intrusion as much as it forces me to set up services in a way that is secure in the first place. If you do something stupid, SELinux will most likely catch it.
I really tried learning SELinux. I just can't wrap my head around the conceptualization the wiki and SELinux book from the wiki feed you. This nonsense about recipes... it makes it harder to translate to practical working knowledge.

However if you know a better source then I would most definitely take another look since I do happen to like SELinux.
 
Old 01-05-2012, 02:38 PM   #8
Gomer_X
LQ Newbie
 
Registered: Jan 2012
Location: Ohio
Distribution: Debian, CentOS, Fedora, LFS
Posts: 24

Rep: Reputation: Disabled
Quote:
Originally Posted by gfmtech05 View Post
I really tried learning SELinux. I just can't wrap my head around the conceptualization the wiki and SELinux book from the wiki feed you. This nonsense about recipes... it makes it harder to translate to practical working knowledge.
It's hard to say what resources I used to learn SELinux. I've been running it since Fedora core 2.

It's mostly just about contexts. The context on the file must match what you're doing with the file.

You might try running SELinux in non-enforcing mode ('setenforce 0') and examine file contexts. Do this with 'ls -Z'. For instance everything in /var/www/html has the context:

system_u:object_r:httpd_sys_content_t:s0

The last part is usually the only thing that's important: 'httpd_sys_content_t'. Apache can't serve any content that doesn't have this type set, even if it has read access. If you copy a file to /var/www/html, context should be set for you automatically. If not, you can do 'chcon <file> -t httpd_sys_content_t' to fix it. Or you can do 'restorecon <file>' to set the context to whatever is appropriate for the directory it's in.

Other than contexts, there are boolean variables that you need to mess with very occasionally. For instance if you want your ftp server to be able to allow anonymous users to save files you need to do 'setsebool allow_ftpd_anon_write 1'. To find ftp related booleans, do 'getsebool -a | grep ftp.' They're usually pretty self explanatory.

That's most of what you need to know. If you check the logs (/var/log/secure on Red Hat/CentOS) it'll help with problems as well.
 
Old 01-08-2012, 10:00 PM   #9
gotfw
Member
 
Registered: Jan 2007
Posts: 327

Rep: Reputation: 63
+1 for Samhain. Been using it for many years now and I think the best at what it does.
 
Old 01-12-2012, 08:57 AM   #10
LauMars
Member
 
Registered: Sep 2007
Location: /root/
Distribution: Arch, CentOS, Debian, FreeBSD, Slackware, Solaris, SuSE (Open & SLES)
Posts: 115

Rep: Reputation: 25
What about things like Fail2ban?

I know it's basic compared to many suites, but it's power is in the simplicity.

[edit]

Just spotted there's another category with fail2ban in it....

Last edited by LauMars; 01-12-2012 at 09:41 AM.
 
Old 01-19-2012, 08:37 AM   #11
xev
LQ Newbie
 
Registered: Aug 2011
Posts: 18

Rep: Reputation: Disabled
Never used any, skip.
 
Old 02-06-2012, 02:07 PM   #12
savotije
Member
 
Registered: Oct 2010
Location: Serbia (Europe)
Distribution: Slackware 13.1
Posts: 97

Rep: Reputation: 6
Tripwire
 
Old 02-08-2012, 12:54 PM   #13
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Dehradun, Uttarakhand, India
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,413

Rep: Reputation: 303Reputation: 303Reputation: 303Reputation: 303
Always SELinux as I use Red Hat and best for support..
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Network Security Application of the Year jeremy 2011 LinuxQuestions.org Members Choice Awards 29 02-08-2012 09:02 PM
Host Security Application of the Year jeremy 2010 LinuxQuestions.org Members Choice Awards 14 02-07-2011 01:17 PM
Host Security Application of the Year jeremy 2009 LinuxQuestions.org Members Choice Awards 3 01-27-2010 10:38 PM
Host Security Application of the Year jeremy 2008 LinuxQuestions.org Members Choice Awards 14 02-22-2009 10:27 AM
Host Security Application of the Year jeremy 2007 LinuxQuestions.org Members Choice Awards 13 01-27-2008 02:02 AM


All times are GMT -5. The time now is 01:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration