-
May 12th, 2003, 10:15 PM
#11
LIDS is a good extension beyond the normal Linux security. MAC is the bare minimum required for any system to even be considered secure in my opinion. LIDS adds many other neat functionality/architectural changes to Linux as well. Though the purist will note that a LIDS enabled system is no longer Linux or even UN*X-like. (as it is no longer a single level system)
Although I like LIDS and strongly believe it is a step in the right direction... I don't think it is appropriate to use in a live non-dev/research environment. The LIDS development model is too immature for my liking and it's MAC structure too closely based on the original Bell-LaPadula model which has a lot of issues. I think the DBAC based Pitbull LX or the Flask based SE Linux as a distant second would be better choices... the jury is still out on HP's Trusted Linux, but it looks promising. They offer simpler to administer security, with a more clearly defined objective (greater design assurance) and more mature development models. (still greater assurance)
just my two bits
catch
d'oh forgot to add links:
http://argus-systems.com/product/overview/lx/
http://www.nsa.gov/selinux/
http://www.hpl.hp.com/research/papers/trustedlinux.html
-
May 12th, 2003, 10:35 PM
#12
Re: Additional Security Measures for *nix
Originally posted here by thehorse13
Whenever I am asked to prepare a *nix server, I *always* issue these commands to check and see which files are SUID,GUID and world-writable.
* For SUID:
==============================
find / -type f -perm -4000 -ls
** For GUID
==============================
find / type f -perm -2000 -ls
Hi guys,
You wanna try my trick, you just type "one command" and you will have both SUID and GUID instead of typing "# find / -type -perm -4000 -ls and # find / -type f -perm -2000 -ls"
Code:
sweet# find / -type f -perm +6000 -ls
I hope you like my trick
Cheersss
annya
Not an image or image does not exist!
Not an image or image does not exist!
-
May 12th, 2003, 11:31 PM
#13
thnx to Ichnisan and thehorse. Good tips.
Trappedagainbyperfectlogic.
-
May 15th, 2003, 05:46 AM
#14
I'd just like to add a little advise that was given to me by thehorse13...
If you've ever used Bastille... learn it on a test box!!!
I have completely locked myself out of root and my normal user accounts can't do jack on the machine. I locked it down a little TOOOO much! LoL Good thing it was a test box... or I'd be extremely pissed right now... I put quite a bit of work into configuring my real server...
I actaully can't even reboot the sytem or do anything worthwhile... format and reload.
Anywho... TEST IT ON A TEST BOX and record what you do...
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
May 15th, 2003, 06:05 AM
#15
Great post, very informative
--PuRe
-
May 15th, 2003, 12:14 PM
#16
I am surprised that this has not been posted before with so much destail. Excellent TheHorse.
About time too
Cheers.
Ubuntu-: Means in African : "Im too dumb to use Slackware"
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|