Additional Security Measures for *nix - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Additional Security Measures for *nix

  1. #11
    Banned
    Join Date
    May 2003
    Posts
    1,004
    LIDS is a good extension beyond the normal Linux security. MAC is the bare minimum required for any system to even be considered secure in my opinion. LIDS adds many other neat functionality/architectural changes to Linux as well. Though the purist will note that a LIDS enabled system is no longer Linux or even UN*X-like. (as it is no longer a single level system)

    Although I like LIDS and strongly believe it is a step in the right direction... I don't think it is appropriate to use in a live non-dev/research environment. The LIDS development model is too immature for my liking and it's MAC structure too closely based on the original Bell-LaPadula model which has a lot of issues. I think the DBAC based Pitbull LX or the Flask based SE Linux as a distant second would be better choices... the jury is still out on HP's Trusted Linux, but it looks promising. They offer simpler to administer security, with a more clearly defined objective (greater design assurance) and more mature development models. (still greater assurance)

    just my two bits

    catch

    d'oh forgot to add links:
    http://argus-systems.com/product/overview/lx/
    http://www.nsa.gov/selinux/
    http://www.hpl.hp.com/research/papers/trustedlinux.html

  2. #12
    Senior Member
    Join Date
    Aug 2002
    Posts
    508

    Re: Additional Security Measures for *nix

    Originally posted here by thehorse13


    Whenever I am asked to prepare a *nix server, I *always* issue these commands to check and see which files are SUID,GUID and world-writable.

    * For SUID:
    ==============================

    find / -type f -perm -4000 -ls

    ** For GUID
    ==============================
    find / type f -perm -2000 -ls

    Hi guys,

    You wanna try my trick, you just type "one command" and you will have both SUID and GUID instead of typing "# find / -type -perm -4000 -ls and # find / -type f -perm -2000 -ls"
    Code:
    sweet# find / -type f -perm +6000 -ls

    I hope you like my trick


    Cheersss


    annya
    Not an image or image does not exist!
    Not an image or image does not exist!

  3. #13
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    thnx to Ichnisan and thehorse. Good tips.
    Trappedagainbyperfectlogic.

  4. #14
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    I'd just like to add a little advise that was given to me by thehorse13...

    If you've ever used Bastille... learn it on a test box!!!

    I have completely locked myself out of root and my normal user accounts can't do jack on the machine. I locked it down a little TOOOO much! LoL Good thing it was a test box... or I'd be extremely pissed right now... I put quite a bit of work into configuring my real server...

    I actaully can't even reboot the sytem or do anything worthwhile... format and reload.

    Anywho... TEST IT ON A TEST BOX and record what you do...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #15
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Great post, very informative


    --PuRe
    Like this post? Visit PuRe\'s Information Technology Community. We\'ve also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  6. #16
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    I am surprised that this has not been posted before with so much destail. Excellent TheHorse.

    About time too

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides