I'm planning on building my first secure firewall, and can't seem to make up my mind on the OS. I like RedHat and SuSE, but I tried OpenBSD a few years ago and really liked it too.
The firewall will be on an older PC:
P3 550MHz, 256MB RAM, 6GB HD, 2 NICs, no X
I'm going to install:
- firewall (ssh2 open using auth keys)
- NAT
- DHCP server
- squid
- DansGuardian - w/ anti-virus support
- SARG - squid reporting tool (accessible only from green LAN)
I need a secure OS, but ease of upgradability is huge too. Automation is desirable, but only if safe.
A recent book for hardening Linux for the above usage would be a godsend!
I'm going to manually learn each of these packages, giving myself a couple months to do it (can dedicate a lot of time at work too). Any and all suggestions greatly appreciated!
Thanks!
Daryl
well, if you already tried openbsd and you liked it, then why not go with that??
as for the gnu/linux OS, pretty much any distribution can do all the things you listed... the security mostly depends on you, the system administrator... i would recommend slackware, but it's completely subjective and others will suggest other distros... you can use whatever distro you want, really... just pick whichever you like the most...
I don't think that SuSE would be the best in this case. Even installing just the base system is over 1GB.
Also, while YaST simplifies administration, and can be run in a shell, the configuration scripts can be a bit hard to follow if you want to configure things manually.
There is a book called "Hardening Linux" and another called "Linux Server Security".
Also, on the www.tldp.org website is an 800-page book on Securing and Optimizing Linux. This document is very comprehensive. It is biased towards Fedora Core. If you decide that this publication is ideal for your purpose, you may decide to go with Fedora to make things easier.
I would go with one of the more mainstream distros that has a good security update record. It will be easier than having to track announcements and download and apply patches yourself.
There is a book titled "Automating Unix and Linux Administration" that you may find helpful, although it may be more useful if you are managing several hosts. The author is biased towards using cfengine. He covers using tripwire.
I responded to a similar post recently. Since you are installing a bastion host, most software and services will not be installed. Even the gcc compiler is commonly removed after the host is set up. Since so much isn't being installed, there isn't much left to distinguish one distro from the other. In this case, I would recommend going with what you are most comfortable with.
Quote:
Originally Posted by jschiwal
I don't think that SuSE would be the best in this case. Even installing just the base system is over 1GB.
Also, while YaST simplifies administration, and can be run in a shell, the configuration scripts can be a bit hard to follow.
I agree with you on this. I actually prefer SuSE as my desktop (and laptop), but agree it's probably not my best choice for a slimmed down server OS.
Quote:
Originally Posted by jschiwal
There is a book called "Hardening Linux" and another called "Linux Server Security".
Also, on the www.tldp.org website is an 800-page book on Securing and Optimizing Linux. This document is very comprehensive. It is biased towards Fedora Core. If you decide that this publication is ideal for your purpose, you may decide to go with Fedora to make things easier.
Only 800 pages? A nice weekend project
Quote:
Originally Posted by jschiwal
I would go with one of the more mainstream distros that has a good security update record. It will be easier than having to track announcements and download and apply patches yourself.
This is the point I'm at now, and need the most help with. I'm not that familiar with the latest of each major distribution. I dabbled with Debian and Ubuntu a while back, as well as others, but haven't tried them lately.
Quote:
Originally Posted by jschiwal
There is a book titled "Automating Unix and Linux Administration" that you may find helpful. Although it may be more useful if you are managing several hosts. The author is biased towards using cfengine. He covers using tripwire.