Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Before I get my Linux box ready to go out on the net (I'm using Windoze 98 at the moment with a firewall running), which tools should I use on my Linux box for each of the following categories, with an explanation of why you recommend it:
NOTE: I've already made my decision on the firewall that I'm going to use.
Although I still gotta study up on how to set it up properly, rather than just trusting other people's scripts without knowing what some of the functions in the script do.
1) Snort. It's a rule- and signature-based packet filter (not some port connector tripwire like Portsentry), has good performance and is under active development. Refresh rules regularly.
2) Chkrootkit, some MTA filter like procmail or milter, and antivirus software. Chkrootkit is the only app known to me that tries to detect a wide range of trojaned binaries by looking for unusual stuff (dirs like ./puta, ./adm) and string fragments from known trojans. Of course that's only for *known* trojans. Stay on top by subscribing to some mailing lists. If you're serving Wintendo boxes you might want to add some AV software to comb through upload/download dirs, personal dirs and mail spools. Currently I'm using McAfee's uvscan and the Romanian RAV. For detecting spam, malware and other "jokes" during delivery I use some procmail filters.
3) AIDE, Samhain or Tripwire. Personally I like AIDE; it's easy to configure and flexible, using different algorithms and detecting MAC times. Don't forget to save your databases on read-only media.
4) Local: COPS or Tiger. Old, but could serve for basic SUID checking etc. Network: Nmap, NSAT, Nessus and some tools for packet mangling etc. Nmap and Nessus are "Swiss army knives"; the rest is (and should be) based on personal experience and needs, just use the stuff you're familiar with.
Some side notes.
Personally I like the grsecurity kernel patch for taking away LINUX_CAPABILITIES (caps intended), like not being able to load modules after startup, fork-bomb control, and kernel access and user restrictions; you could also look into Lcaps, LIDS, LOMAC or RBAC, and StackGuard. Before manually inspecting and compiling tarballs I comb the source over with Flawfinder. Being able to chroot services and run them from a non-root account can enhance security. Some apps will chroot themselves (BIND for instance), some apps need help. Personally I use rootjail for automation, and then tweak the chroot manually.
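The integrity-checking step in point 3 (take a baseline of hashes and MAC times, keep the database where an intruder cannot rewrite it, diff a later snapshot against it) as an added example, not code from this thread or from AIDE, Samhain or Tripwire. It is a minimal POSIX sh implementation of the same idea and assumes GNU coreutils (sha256sum, stat -c) and paths without "|" or newline characters; the function names fim_snapshot, fim_baseline and fim_check are my own.

```shell
#!/bin/sh
# Added example, not from the LQ thread: a tiny AIDE-style file integrity
# baseline and check. Assumes GNU coreutils (sha256sum, stat -c) and paths
# that contain no '|' or newline (hypothetical helper names, not a real tool).

# fim_snapshot DIR
# Prints one record per regular file: path|sha256|mode|uid|gid|size|mtime
fim_snapshot() {
    find "$1" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        sum=$(sha256sum -- "$f" | cut -d' ' -f1)
        meta=$(stat -c '%a|%u|%g|%s|%Y' -- "$f")
        printf '%s|%s|%s\n' "$f" "$sum" "$meta"
    done
}

# fim_baseline DIR DB
# Writes the baseline database. Copy DB to read-only media (or sign it)
# afterwards: a database the attacker can rewrite proves nothing.
fim_baseline() {
    fim_snapshot "$1" > "$2"
}

# fim_check DIR DB
# Prints CHANGED content / CHANGED metadata / ADDED / REMOVED lines.
# Returns 0 when the tree matches the baseline, 1 on any drift, 2 on error.
fim_check() {
    dir=$1; db=$2
    cur=$(mktemp) || return 2
    fim_snapshot "$dir" > "$cur"
    awk -F'|' '
        FILENAME == ARGV[1] { base[$1] = $0; bh[$1] = $2; next }   # baseline
        { cur[$1] = $0; ch[$1] = $2 }                                # current
        END {
            drift = 0
            for (p in base) {
                if (!(p in cur)) { print "REMOVED " p; drift = 1 }
                else if (base[p] != cur[p]) {
                    # same hash but different mode/owner/size/mtime is a
                    # metadata-only change (e.g. chmod u+s, chown)
                    print (bh[p] != ch[p] ? "CHANGED content " : "CHANGED metadata ") p
                    drift = 1
                }
            }
            for (p in cur) if (!(p in base)) { print "ADDED " p; drift = 1 }
            exit drift
        }' "$db" "$cur"
    rc=$?
    rm -f "$cur"
    return $rc
}

# Usage: fim_baseline /usr/bin /mnt/cdrom/usr-bin.db (then burn/mount ro)
#        fim_check /usr/bin /mnt/cdrom/usr-bin.db || echo "integrity drift"
```

Because mtime is part of the record, a trojaned binary whose timestamp was restored with touch still shows up as "CHANGED content" through the hash, while a bare chmod u+s shows up as "CHANGED metadata"; the point of keeping the database on read-only media is that the comparison is only as trustworthy as the baseline.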
Hi,
I am having some problems installing COPS on my Red Hat 7.0 system. When I run ./reconfig, I get a few errors specifying that certain files are missing. I am also running TIGER and it is running perfectly (I have not installed it though!!).
Could someone please help me with the installation of COPS on Linux Red Hat 7.0??
Could you tell us what it's missing?
Maybe "./reconfig > err.log 2>&1" (the redirections must be in that order, or stderr still goes to the terminal instead of the file) and post it here. Also it's best to start a new thread when asking a question and not tack onto existing ones...