LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-21-2011, 12:10 PM   #1
toma20082010
LQ Newbie
 
Registered: Feb 2011
Posts: 22

Rep: Reputation: 0
Post Scientific Linux 6 security package


hey there,

i wanted to ask you if anyone could recommend a scientific linux security package.
i know there is a default security package in linux
but i want anyone has experience in this topic to recommend any other packages to me.
and if i can activate this default package and the
non-default package together.

i have a cluster and i want to protect my network
and my machines from catching any outside world bugs.

so anyone can help me on this??
thanks
 
Old 09-21-2011, 12:52 PM   #2
tekhead2
Member
 
Registered: Apr 2004
Distribution: slackware/FreeBSD/Vector
Posts: 291

Rep: Reputation: 52
Scientific Linux comes with SELinux enabled if I'm not mistaken. As far as security concerns in a clustered environment there aren't any special security applications that I'm aware of. There are always host based security packages that check for rootkits like chkrootkit and rkhunter, as well as general configuration helps.. I still use the bastille linux script sometimes , its older but it still helps to automate a lot of the tasks I am too lazy to do. What type of "outside world bugs" are you concerned about? If your concerned about network worms and other types of trojans , they don't officially exist on linux.. there are root-kits and exploits, which you can mitigate the risks of those by always using signed packages from a trusted repository, keeping your machine up to date and disabled un needed services. If your concerned about firewalls which block network attacks Scientific Linux should have a config tool to set the security level, try running this as a Root user from the terminal "system-config-securitylevel-tui" this should start the firewall config tool. Other than that just be vigilant with your logs and if possible have the logging send via syslog to another machine.
 
Old 09-21-2011, 06:08 PM   #3
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,269

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
In other words (loosely speaking), on MS it wasn't really originally designed with security in mind; more an ease of use, so they started trying to bolt on security afterwards. Not the best approach.
Unix was more designed to have security built-in, so most security is just a matter of tweaking the settings of what you've got.


As above, SELinux should already be there. You can add chkrootkit, rkhunter.
Read the stickies at the top of this Security forum and apply the advice.

Do ask if you have more specific qns.
 
Old 09-21-2011, 09:17 PM   #4
John VV
Guru
 
Registered: Aug 2005
Posts: 12,904

Rep: Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713
Unless you have some custom built program that might be busted by an update ,install the normal updates - there are not many .
Just read the list to make 100% sure that they will not be in conflict with any custom software

as to security set SELinux to enforcing and targeted - the install DEFAULT
make sure that SELinuxTroubleShooter is running and solve any warnings .

that is the normal everyday things
now if you where a tin foil hat there are other things but unless you are the CIA or NSA ( FBI is using windows) that is mostly it .

Last edited by John VV; 09-21-2011 at 09:19 PM.
 
Old 09-23-2011, 10:18 AM   #5
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,901

Rep: Reputation: 775Reputation: 775Reputation: 775Reputation: 775Reputation: 775Reputation: 775Reputation: 775
Quote:
Originally Posted by toma20082010 View Post
hey there,
i wanted to ask you if anyone could recommend a scientific linux security package.
...not directly, but...

Quote:
Originally Posted by toma20082010 View Post
i know there is a default security package in linux
I don't know exactly what you mean by this (the idea that Linux is more secure than some other systems by default, something in particular, like iptables, SELinux...); please try to give more detail.

Quote:
Originally Posted by tekhead2 View Post
I still use the bastille linux script sometimes , its older but it still helps to automate a lot of the tasks I am too lazy to do.
The important thing with 'hardening' scripts or procedures like this is knowing what that is relevant to your situation that they don't do. Yes, they do a lot of useful stuff and with close to zero effort they may well do 80% of what you want in some particular situation, but if that then gives you a false sense security that leads you to ignore the other 20%, then it is not such a good deal.

So you still have to understand the threats and take measures to cope with each of them and if you think that you can 'lazy' your way out of that with a script, then that is self-deception. (And, by the way, I used to like Bastille, too. Not sure what the recent state of development of Bastille is, though. Next time, I intend to look at GNU Tiger, to see what that does, but haven't yet had the excuse.)


Quote:
Originally Posted by toma20082010 View Post
.
i know there is a default security package in linux
but i want anyone has experience in this topic to recommend any other packages to me.
and if i can activate this default package and the
non-default package together.
For that, we'd have to know exactly what you mean by the default. But these things tend to be modular, and there shouldn't really be any problem using more than one security package, provided that they don't run two programs for the exact same thing. You wouldn't want to run two (real) firewalls on one box, for example (but, then you wouldn't even try to run iptables twice, would you?). But running iptables and SELinux - good, even if you take the step of describing SELinux as an application firewall.

Quote:
Originally Posted by toma20082010 View Post
i have a cluster and i want to protect my network
and my machines from catching any outside world bugs.
It sounds as though this is something like a compute cluster, and you could firewall off your cluster from the outside world (ie, allow the outside world to start no connections to the cluster, and only allow the cluster to get anything from the outside world under the tightest of restrictions). If that's the case, the concern about nasty people in the outside world doing nasty things go down considerably.

Note that no hardening script will know whether it is appropriate to your circumstances and architecture to wall off the cluster from the outside world, so, ultimately, you have to sort that out yourself, rather than the script sorting it out for you.

Contrariwise, if that is the case, you can't ignore the inside (ie, your users dragging in bad stuff and putting it on to your cluster), and you may be being too casual about that aspect. Or not. Just don't say 'My users are infinitely trustworthy (both failures of competence and active malevolence), I don't ever have to worry about that' because, at least some of the time, that won't actually be true.
 
  


Reply

Tags
clustering, network, package, security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux security package toma20082010 Linux - Newbie 2 09-21-2011 01:21 PM
Question on a security package on linux ahmedkamel1355 Linux - Security 1 11-27-2010 05:42 AM
What repository or package I needed to be able to install Scientific Linux? yuri16 Linux - Newbie 6 01-27-2009 01:31 AM
Scientific Graphic Package saurya_s Linux - Software 8 08-23-2004 01:12 PM


All times are GMT -5. The time now is 08:59 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration