LinuxQuestions.org


computer_freak_8 10-08-2008 03:50 PM

Secure Debian-based with GUI distribution? Security reading material (e-versions)?
 
Okay, here's the deal.

I am going to be a part of a "cyber contest" event at a (high-)school event. My job is to protect our server from the "hackers" (the college students).

Here's what happens. The high school students (us) are the "victims" or "targets" and the college students are the "hackers". Basically, they try to hack us and take down our network, and we try to keep it up, running and functional.

So, I am in need of recommendations:

1. What would be the best (in terms of security) Debian-based distribution that has/can easily obtain a GUI? Note: "Debian-based", in this case, can mean "based on a distribution based on Debian", "based on a distribution based on a distribution based on Debian", et cetera. As long as the deepest roots point back towards Debian.

2. What is some good e-reading material for me? I don't have any money to spend, but if anyone knows of any legally free eBooks (id est, not pirated), and/or any good tutorials, sites, links, et cetera, by all means, please point me towards it/them!

Note 1: The Debian-based part is my personal preference; I am familiar/comfortable with the "feel" of such distributions.

Note 2: I know that most of the power in any given Linux distribution comes from the CLI, but I would still like to have a GUI available. Here's how I figure it: I want to be able to monitor/control as much as I can with the GUI, and whenever I need the CLI, I will open a Terminal shell - without having to leave the GUI, and possibly miss something else that happened.

Note 3: I will need Aptitude and/or Apt-Get package management. I do not (necessarily) need a GUI to the package management, but it would be helpful. In other words, if it doesn't have GUI package management, I will be able to live without it, but if it does have it, that will be a nice bonus.


Thank you all in advance,
computer_freak_8

computer_freak_8 10-08-2008 04:05 PM

I forgot to mention...
 
I forgot to mention this part: We are allowed to take down the "hacker's" server/network if we need to; just as long as ours stays up and running.

So, does anyone know of any distributions that meet the previously mentioned requirements and/or (but preferably "and") the following requirements:

1. Good for hacking (efficient, maybe stealthy)
2. GUI
3. Lots of tools available to hack (Metasploit? John the Ripper? I don't really know; I'm trying to remember what I used to know about this sort of thing...)
4. (Optional but preferred:) Debian based
5. (Could be optional but much preferred:) Simple/easy to use package management. (GUI definitely preferred, but not absolutely required.)


Thanks again,
computer_freak_8

unSpawn 10-09-2008 05:18 PM

Wargames just isn't a distro thing. It's about knowledge (and a wee bit of luck), skill (and some soceng if you can handle it, heh) and a feeling for the sun-tzu ping-fa. Wrt reading, Debian comes with one of the oldest, all-encompassing security HOWTOs that will provide a good start. Read it, run tools like Tiger and post your hardening approach for a second opinion, hints, tips and pointers.

computer_freak_8 10-09-2008 06:21 PM

Huh?
 
Quote:

Originally Posted by unSpawn (Post 3305561)
Wrt reading, Debian comes with one of the oldest, all-encompassing security HOWTOs that will provide a good start. Read it,

I'm confused... read what?

What is it that you are referring to? I think you mean that Debian includes a How-To with its distribution. Is this correct? If so, how do I access it?

Would I be better off basing my system on Ubuntu (since I am most familiar with it - out of all Linux OSes, that is), or would I be better off learning more "pure"/"true" Debian and using it as my base distribution?

Thanks much,
computer_freak_8

unSpawn 10-10-2008 01:03 PM

Quote:

Originally Posted by computer_freak_8 (Post 3305599)
I'm confused... read what?

Funny, when I use terms like "debian security howto" in my favourite search engine it's top of the list of results?..


Quote:

Originally Posted by computer_freak_8 (Post 3305599)
Would I be better off basing my system on Ubuntu (since I am most familiar with it - out of all Linux OSes, that is), or would I be better off learning more "pure"/"true" Debian and using it as my base distribution?

Trying to be as distro-agnostic as possible I'd say use what you're comfortable with. But please consider *not* using a GUI: keep the machine as lean as possible softwarewise. Try to be as inquisitive as you can muster, read as much as you can and follow the hardening routines to the letter unless you know better (right). On top of that you want to know the reasons why you're applying them, understand what effect they have, what risks they will cause (if any), how you can monitor the integrity of the system, detect breaches of security, mitigate damage, regain control, et cetera. What you're trying to accomplish is not done by just applying some list of hardening rules, security is dynamic not rigid, and to succeed you have to practice and practice and practice your role of hardening and defending.

computer_freak_8 10-10-2008 09:01 PM

Good advice.
 
First off, thanks for the link. I wasn't sure exactly what you meant when you said "Debian comes with".

Secondly, it makes sense to know how/why the enhancements are done, and done the way they are; thanks for pointing this out, I hadn't thought about this part before.

Third, the GUI. Yes, I know there will be a performance impact. However, knowing my newbie-ness to this type of thing, I think it will be best for me to have one - I can run (and see) terminal windows for tailing and following multiple log files all at once, without having to [Ctrl]+[Alt]+[F#] amongst them. There are also some other things, such as GUI front-ends to firewalls and such, but since the "main power" is at the command line, that first reason is my main one for the GUI.

So, what is the GUI that has the least of an impact (of the GUIs) on the performance of the machine? I'm guessing TWM, Fluxbox, Blackbox, IceWM, and Xfce would all be okay. I think that Fluxbox or IceWM would probably be best for my needs, but what do you think?

craigevil 10-11-2008 04:04 AM

Securing Debian Manual
http://www.debian.org/doc/manuals/se.../index.en.html

fluxbox would be a nice lightweight wm choice.

Paranoid Penguin - Security Features in Ubuntu Server
http://www.linuxjournal.com/article/10012

BASTILLE-LINUX
Quote:

Bastille has become a vital part of the security hardening space. It's the most used hardening tool for Linux and HP-UX and is shipped by the vendor on SuSE, Debian, Gentoo and HP-UX. It is covered in all of the major books on Linux Security and has been the subject of a number of articles. Most recently, the Center for Internet Security's Linux Hardening Guide has recommended the use of Bastille to help harden systems.

Securing Linux, Part 3: Hardening the system
http://www.ibm.com/developerworks/li...ary/l-seclnx3/

Ubuntu Unleashed: Howto: Harden the Ubuntu Linux Kernel with sysctl
http://www.ubuntu-unleashed.com/2008...rnel-with.html

unSpawn 10-11-2008 04:33 AM

Quote:

Originally Posted by computer_freak_8 (Post 3306568)
Third, the GUI. Yes, I know there will be a performance impact.

No, from a hardening point of view running a GUI isn't primarily a performance impact issue. It has to do with X11 requiring access to devices in a way few subsystems need (GRSecurity) and you can do without, the risk from having (for security unnecessary) SW around, exposure from running it (port, socket). Maybe also see the LQ FAQ: Security references (or better: the version cleaned up by Aus9 and me at http://rkhunter.wiki.sourceforge.net/SECREF). Wrt performance, yes, it is, and you could use that RAM and computational power for running things that *are* beneficial for the security posture of the machine.


Quote:

Originally Posted by computer_freak_8 (Post 3306568)
I can run (and see) terminal windows for tailing and following multiple log files all at once, without having to [Ctrl]+[Alt]+[F#] amongst them.

Learn how to use "screen"?


Quote:

Originally Posted by computer_freak_8 (Post 3306568)
There are also some other things, such as GUI front-ends to firewalls and such, but since the "main power" is at the command line, that first reason is my main one for the GUI.

Yes, and I *do* understand that you would like to. But what you should do at the same time is understand *what* the application GUI does behind the screens, what configuration it sets or changes, so you can then rid yourself of that dependency. You could facilitate this by making a backup of all pristine configuration files and running a file integrity checker like Samhain (active) or Aide (passive). That way, when things change, you can "diff" configs and note changes. For example, not all firewall GUIs are created equal: some allow you the freedom to design complete policies (takes some knowledge) while others only allow you to block a few ports. The point is that a) you need to remain in control and b) using a "wizard" is no substitute for knowledge.

That's why I emphasised practicing things and that isn't hard to set up and start with: only thing you need is a machine you can work on and load a QEmu or VMware image to play with. That way you recover more easily from fsck ups by just loading a pristine image. Both QEmu OSZOO and VMware community provide all sorts of OS and distro images to check out for free (as in beer).

I would suggest you read some, choose a distro, read more, then whip up a detailed list of changes you think are necessary to harden the machine. (I mean: don't ask for a list but come up with one yourself). Then post that list in the Linux Security forum if you would like a second opinion.


Quote:

Originally Posted by computer_freak_8 (Post 3306568)
I think that Fluxbox or IceWM would probably be best for my needs, but what do you think?

A WM is just an extra layer for accessing the tools you need to run. The less bells 'n whistles the better. Maybe search LQ for speed slash feature comparison, then choose?..
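The "back up the pristine configs, then diff when something changes" routine unSpawn describes above, as an added example in POSIX sh (not the poster's code, and only a toy next to Aide or Samhain). The function names, the baseline file location and the choice of sha256sum are my assumptions.

```shell
#!/bin/sh
# Added example, not unSpawn's or Debian's code: a minimal config baseline.
# It records a sha256 per regular file under a tree (meant for /etc) and later
# reports what was added, removed or changed against that baseline.
# Assumed tools: find, sha256sum, sort, awk (all present on a base Debian install).
# Caveat: paths containing whitespace are not handled by the awk field split.
set -u

# snapshot DIR OUT: write "hash  path" lines for every regular file under DIR.
snapshot() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2 > "$2"
}

# changed BASELINE CURRENT: print one "added|removed|changed PATH" line per difference.
changed() {
    awk 'FILENAME == ARGV[1] { base[$2] = $1; next }   # first file: the baseline
         { cur[$2] = $1 }                                # second file: current state
         END {
             for (p in base) if (!(p in cur)) print "removed " p
             for (p in cur)  if (!(p in base)) print "added " p
             for (p in cur)  if ((p in base) && base[p] != cur[p]) print "changed " p
         }' "$1" "$2" | sort
}

# check DIR BASELINE: snapshot DIR now and report every difference from BASELINE.
check() {
    tmp=$(mktemp)
    snapshot "$1" "$tmp"
    changed "$2" "$tmp"
    rm -f "$tmp"
}

# Direct use:  sh baseline.sh snapshot /etc /root/etc.base   (once, while pristine)
#              sh baseline.sh check    /etc /root/etc.base   (after any change)
case "${1:-}" in
    snapshot|check) cmd=$1; shift; "$cmd" "$@" ;;
esac
```

Keep the baseline file off the monitored machine (or at least off the monitored tree), otherwise whoever changes a config can also rewrite the record of it.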

computer_freak_8 10-11-2008 12:04 PM

Re: "screen"
 
craigevil: Thanks for all the links. I will be reading them shortly.


unSpawn: Thanks for the tip on the "screen" program.
After looking over the man page (reading some, scanning the rest) for it, I was still unable to make my session "jump" to the lower half after splitting the screen. I tried playing with the "windowlist" and "focus" features, but they would simply change which "session" I ran in the top half of the screen. Also, is there a way to make the screen split into two rows, two columns, or three rows, three columns? If so, how do I initiate shells in each of these "windows"? Google has provided me with the basics on how to use screen, and the man page helped clarify a few things, but I'm still a bit confused on how to "properly use" the screen program.
Note: I don't need you to just give me the answer, I do prefer the little hints that simply guide me in the right direction. Which brings me to my next point.

I noticed that you seem to know a lot about security with Linux. I hope to have a career involving this someday. I appreciate how you give me ways to learn, rather than ways to "do" - I'd rather practice learning than a routine. What I mean by this is that, instead of learning "Step 1; do this. Step 2; run this command. Step 3; copy this file here.", I (as well as you, it seems) prefer that I learn "Tips on how to obtain the knowledge you need; tips on how to find more information." Thus, I learn information, instead of memorizing commands.

Put much more simply, I like your approach on this. Thanks.

Oh, one more thing: When you mentioned the "Linux Security forum", were you referring to the one at http://www.linuxsecurityforum.org/? I found many others, including these two:
http://www.linuxquestions.org/questi...ux-security-4/
http://www.linuxforums.org/forum/linux-security/


Thanks so much!
computer_freak_8

unSpawn 10-12-2008 03:14 AM

Heh, but I'm not a Security guru, there's lotsa people here who definitely know way more than I do (which is a good thing, considering). With the default keycombo splitting is C-a S, columns it doesn't do AFAIK, jumping I don't know about and shell init is C-a c. Searching LQ slash the 'net for "screen +tips" will reveal more. If you find something of worth please post. And yes, I meant http://www.linuxquestions.org/questi...ux-security-4/ because we like to keep that type of questions together here at LQ.

Thanks for the feedback BTW, I don't get it that often.

computer_freak_8 08-12-2009 12:12 PM

Success!
 
Heh heh, wow, I forgot all about this thread!

Well, we had the contest, and our team came in 4th of about 30-40 or so.

The server I was in charge of was hosting SMTP/IMAP/Webmail. The rest of my teammates were either on the Web/FTP server, the (Windows-based) Remote Desktop server, or an extra machine we were using exclusively for monitoring purposes. The web server eventually got hacked, but with the help of the others, I finally managed to get it back up again, by copying the deleted files from my system. (The only missing files were the ones from the "modules" and "boot" directories.) However, there were only a couple of the Web/FTP servers that didn't get hacked, and I think ours was about the only one that came back up after being attacked. Both the Remote Desktop and Mail servers were up the whole time; apparently only two Mail servers got hacked, and I don't recall how many of the Remote Desktop servers.

While I wouldn't trust it in real-world situations, I was glad that I survived throughout the competition.

Basically, my server consisted of Ubuntu 8.04 (Desktop, 32-bit) fully updated, using Squirrelmail, Courier IMAP, and Postfix SMTP. I originally had it set up using the most secure protocols, but they wanted it to be more standard. I used an IPTABLES "deny address" script I made to add addresses to my "ban" list.

Thanks for all the help/ideas!
-cf8
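The "deny address" script computer_freak_8 mentions is not shown in the thread; the block below is an added example of that kind of helper, not his code. It keeps a ban list file and a dedicated iptables chain, validates input before it reaches iptables, and can be rebuilt after a reboot. The file path, chain name and the IPTABLES/BANLIST environment overrides are my assumptions.

```shell
#!/bin/sh
# Added example (not computer_freak_8's script): a small iptables "ban list".
# Assumptions: iptables on PATH and root when applied for real; set IPTABLES=echo
# for a dry run that only prints the rules it would add.
BANLIST=${BANLIST:-/etc/ban.list}
IPTABLES=${IPTABLES:-iptables}
CHAIN=BANNED

# valid_ipv4 ADDR: accept a dotted quad with optional /0-32 prefix, reject anything else,
# so that a malformed or hostile string never becomes an iptables argument.
valid_ipv4() {
    case $1 in
        */*) addr=${1%/*}; pfx=${1#*/} ;;
        *)   addr=$1; pfx=32 ;;
    esac
    case $pfx in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    n=0; oldifs=$IFS; IFS=.
    for oct in $addr; do
        case $oct in ''|*[!0-9]*) IFS=$oldifs; return 1 ;; esac
        [ "$oct" -le 255 ] || { IFS=$oldifs; return 1; }
        n=$((n + 1))
    done
    IFS=$oldifs
    [ "$n" -eq 4 ]
}

# ban ADDR: record ADDR once in BANLIST and DROP traffic from it in the BANNED chain.
ban() {
    valid_ipv4 "$1" || { echo "ban: '$1' is not an IPv4 address" >&2; return 1; }
    grep -qxF "$1" "$BANLIST" 2>/dev/null && return 0   # already banned
    echo "$1" >> "$BANLIST"
    $IPTABLES -A "$CHAIN" -s "$1" -j DROP
}

# apply_bans: (re)create the chain from BANLIST and hook it into INPUT, e.g. at boot.
apply_bans() {
    $IPTABLES -N "$CHAIN" 2>/dev/null || $IPTABLES -F "$CHAIN"
    $IPTABLES -C INPUT -j "$CHAIN" 2>/dev/null || $IPTABLES -I INPUT 1 -j "$CHAIN"
    while read -r a; do
        valid_ipv4 "$a" && $IPTABLES -A "$CHAIN" -s "$a" -j DROP
    done < "$BANLIST"
}
```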
