2011 LinuxQuestions.org Members Choice Awards
This forum is for the 2011 LinuxQuestions.org Members Choice Awards.
You can now vote for your favorite products of 2011. This is your chance to be heard! Voting ends on February 9th.
View Poll Results: Host Security Application of the Year
Then again, there is a case that Windows users would supposedly be well secured just by the nature of their hostile environment, so nothing installed from the list at the moment!
Bastille, are you sure? I think it is dead... SNARE maybe would be here... Is Osiris still alive? I haven't used it in a long time since I changed to OSSEC. My vote is for OSSEC; certainly I used AIDE too.
Last edited by JohnV2; 01-03-2012 at 08:35 PM.
Reason: I forget something.
Ohh! Man, I was searching for this because currently I'm working on AIDE, Samhain and OSSEC.
To be honest, AIDE is really good but it's old and it comes to Samhain and OSSEC.
Personally, both of them are good and have a centralised server and monitor its client.
As far as I'm familiar, I would choose Samhain, and OSSEC is not that user friendly.
But let's not forget SELinux as well, but I vote for Samhain......
I like SELinux. So many people see it as just a hassle and turn it off, but if you take the time to learn it, it's a useful tool.
SELinux is useful to me because it forces me to think through things and secure things in a way that makes sense. SELinux doesn't so much prevent intrusion as much as it forces me to set up services in a way that is secure in the first place. If you do something stupid, SELinux will most likely catch it.
I really tried learning SELinux. I just can't wrap my head around the conceptualization the wiki and SELinux book from the wiki feed you. This nonsense about recipes... it makes it harder to translate to practical working knowledge.
However if you know a better source then I would most definitely take another look since I do happen to like SELinux.
It's hard to say what resources I used to learn SELinux. I've been running it since Fedora Core 2.
It's mostly just about contexts. The context on the file must match what you're doing with the file.
You might try running SELinux in non-enforcing mode ('setenforce 0') and examine file contexts. Do this with 'ls -Z'. For instance everything in /var/www/html has the context:
system_u:object_r:httpd_sys_content_t:s0
The last part is usually the only thing that's important: 'httpd_sys_content_t'. Apache can't serve any content that doesn't have this type set, even if it has read access. If you copy a file to /var/www/html, context should be set for you automatically. If not, you can do 'chcon <file> -t httpd_sys_content_t' to fix it. Or you can do 'restorecon <file>' to set the context to whatever is appropriate for the directory it's in.
Other than contexts, there are boolean variables that you need to mess with very occasionally. For instance, if you want your ftp server to be able to allow anonymous users to save files, you need to do 'setsebool allow_ftpd_anon_write 1'. To find ftp related booleans, do 'getsebool -a | grep ftp'. They're usually pretty self explanatory.
That's most of what you need to know. If you check the logs (/var/log/secure on Red Hat/CentOS) it'll help with problems as well.
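The context check described in the post above, as an added example that is not part of the original thread: it reads saved 'ls -Z' output and lists the entries whose type is not the one expected for the directory. The function names and the sample listing are constructed for illustration, and file names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: find files whose SELinux type differs from the expected one,
# working from `ls -Z` output so it runs on any machine.

# Print the type (third colon-separated field) of a context string.
# The level can itself contain ':' (s0:c0.c1023), so count from the left.
context_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# Read `ls -Z` lines on stdin and print "name type" for every entry whose
# type is not $1. Accepts both the "context name" layout and the older
# "mode user group context name" layout by taking the first field that
# looks like user:role:type[:level]; lines with no context are skipped.
find_mislabeled() {
    awk -v want="$1" '
    {
        ctx = ""
        for (i = 1; i < NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+(:.*)?$/) { ctx = $i; break }
        if (ctx == "") next
        split(ctx, f, ":")
        if (f[3] != want) print $NF, f[3]
    }'
}

# Constructed sample, standing in for `ls -Z /var/www/html`.
sample_listing() {
    cat <<'EOF'
system_u:object_r:httpd_sys_content_t:s0 index.html
unconfined_u:object_r:user_home_t:s0 report.html
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0:c0.c1023 upload.php
EOF
}

# Entries listed here are the candidates for restorecon or chcon.
sample_listing | find_mislabeled httpd_sys_content_t
```

On a live system, replace sample_listing with 'ls -Z /var/www/html'.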