Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Nice philosophical discussion, but it has zilch to do with the OP's question. Apparently he decided this would be a good place to solicit Windows advice.
Further down the thread I see it's something of a security free-for-all. In that case, I've always been rather interested in the Owl distro (but have not made time for it yet).
Personally I'd feel much more confident running an OS that was built from the ground up with security in mind than relying on any retrofitted 'suite' of tools.
Of course. I'm sure almost everyone feels the same way too. But the suite wouldn't technically have to be a collection of tools. It would only need to be a front-end to the security tools that are *already* available on the distro. So you aren't really adding any security tools, just a centralized interface to them - one tool. This would have the added benefit of making this much simpler for whoever would try to create such a GUI application IMHO.
Astaro Linux has a pretty good suite of security-oriented tools. Although it is one of those 'gateway' distributions, akin to Clarkconnect, Smoothwall, and IPCop (but thicker on security), I'm surprised someone hasn't built a *nix suite (bundled all together) with some of the software packages that Astaro implements: VPN capability, proxies based on several protocols, a lightweight IDS, IPTables...all in a package that can be installed with minimal interaction (to help the Linux neophyte). Although Astaro is so configurable that it may boggle the average mind, I'm pretty sure that a group of dedicated and focused developers can come up with a watered-down lightweight solution that implements half of what Astaro does...it could be offered as a security suite. Just some musings...
This makes a lot of sense. Especially the watered-down part. It definitely has to be watered-down, and re-focused for the desktop rather than the gateway. I would imagine, however, that most people would prefer a GTK/Qt-type GUI instead of a web-based one. I honestly have an easier time picturing a GTK-based security suite in, for example, Ubuntu, than I do a web-based one.
Take a look at EnGarde if you have not already done so. It has AV, IDS, SELinux, IPS, hardened web server, DNS servers, mail servers, all with a pretty simple web interface, but it does not have a GUI. I am guessing it is because the GUI is the hardest thing to try and secure.
Wow, I just had a quick look at the EnGarde screenshots and they are quite impressive. They have a nice vanilla flavor to them. I was actually expecting something gateway-centric but it seems the functions are pretty generic, although server-oriented.
I'm starting to wonder how come we have so many gateway and server oriented web-based front ends yet apparently none that are desktop-oriented. What's up with that? I mean, I would expect gateway and server administrators to be the last types of users to need GUIs.
The reason that most are a web-based front end rather than a GUI front end is because they aim at Windows users for protecting the boundary of the network, because protecting the network with Windows just is not smart and most Windows admins don't know anything about Linux, but the web-based front end makes them feel like they know what they are doing. Plus, for remote management web-based is a lot easier.
I agree 80%. Web-based is good for many other reasons as well: we don't need to go into the server room, we don't need to waste server resources to run a pretty GUI, and the programming effort for web-based is more or less the same as with C, Java, etc.
I'm actually working on a project right now, where you post your .conf files into the textbox on my site and then I'm using regular expressions with php to find lines that need to be changed to harden your .conf files. I will eventually branch out, but I'm gonna get most of the .conf files hardening done first.
Sorry if anyone thinks this is a stupid idea, but I'm having fun with it.
nomb
There is only 1 problem with that. You need to harden the app, not the config file, and how are you going to know what to restrict or change when each config file could be set that way for usability by the distro developer, and without those settings the system may not function properly? But have fun with it and let us know when it is working.
I see what you're saying, but you are thinking only of applications. When I mention config files, I'm saying like changing 'PermitRootLogin Yes' to 'PermitRootLogin NO' for the sshd. I mostly play with network security / server apps and daemons, but I do want to branch out even more. I have an iptables generator on there now, and am about 75% done with sshd.
And so on. Right now, it is very easy. You paste your conf file. Hit 'analyze' and it looks through the conf files and shows you which settings you currently have and what you should change them to.
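A sketch of the paste-and-analyze check described in the post above, in Python rather than the PHP the poster mentions; it is an added example, not nomb's code. The policy table, the defaults (upstream OpenSSH, which distributions may change) and the sample config are assumptions; it applies sshd's first-value-wins rule and inspects Match blocks, which line-by-line regex matching misses.

```python
import re

# Assumed policy for this example; only PermitRootLogin is named in the thread.
POLICY = {"permitrootlogin": "no", "passwordauthentication": "no",
          "permitemptypasswords": "no", "x11forwarding": "no"}
# Upstream OpenSSH defaults, used when a directive is absent (distro builds may differ).
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes",
            "permitemptypasswords": "no", "x11forwarding": "no"}
# Keyword, then whitespace or "=", then the argument.
LINE = re.compile(r"(\w+)\s*[=\s]\s*(.*)")

def analyze(text):
    """Return (directive, current, recommended, where) for each setting off policy."""
    effective, findings, in_match = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw.strip())
        if not m:                      # blank line, comment, or keyword without a value
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":             # following directives are conditional overrides
            in_match = value
        elif key not in POLICY:
            continue
        elif in_match is not None:     # flag overrides that weaken the policy
            if value.lower() != POLICY[key]:
                findings.append((key, value, POLICY[key],
                                 f"line {lineno}, Match {in_match}"))
        elif key not in effective:     # sshd keeps the first value it reads per keyword
            effective[key] = (value, lineno)
    for key, want in POLICY.items():
        value, lineno = effective.get(key, (DEFAULTS[key], None))
        if value.lower() != want:      # case-folded so 'Yes' and 'yes' are treated alike
            findings.append((key, value, want,
                             f"line {lineno}" if lineno else "default"))
    return findings

# Constructed sample: the later "PermitRootLogin no" never takes effect.
SAMPLE = """\
# constructed sshd_config sample
PermitRootLogin Yes
PermitRootLogin no
PasswordAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for key, have, want, where in analyze(SAMPLE):
        print(f"{key}: currently {have!r}, recommended {want!r} ({where})")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this sketch does not follow Include directives.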