Search for security comparisons of hardened linux - Security

This is a discussion on Search for security comparisons of hardened linux - Security ; Hello, I'm seaching for a serios security comparison between hardened linux distributions and linux hardening methods. It seems, that hardened Gentoo would be the best one, but I have only one source and would like to verify it with another ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Search for security comparisons of hardened linux

  1. Search for security comparisons of hardened linux

    Hello,

    I'm seaching for a serios security comparison between hardened linux
    distributions and linux hardening methods.

    It seems, that hardened Gentoo would be the best one, but I have only
    one source and would like to verify it with another source.

    I know this methods:
    * Openwall
    * PaX (G)
    * SSP (G)
    * grsecurity (G)
    * LIDS
    * SELinux (G)
    * RSBAC (G)

    Hardened Gentoo implements all methods marked with (G).

    Can you help me?

    Bye,
    Mike

    --
    Weil es die Lesbarkeit des Textes verschlechtert.
    > Warum ist TOFU so schlimm?
    >> TOFU
    >>> Was ist das groesste Aergernis im Usenet?


  2. Re: Search for security comparisons of hardened linux

    On Wed, 12 Apr 2006 16:41:43 +0200, M. Decker wrote:

    > I'm seaching for a serios security comparison between hardened linux
    > distributions and linux hardening methods.
    >
    > It seems, that hardened Gentoo would be the best one, but I have only
    > one source and would like to verify it with another source.


    [Snip: a.o. LIDS, SELinux]

    You may also want to have look at Novell AppArmor (formerly of Immunix ?):
    http://en.opensuse.org/Apparmor

    ( And what ever happened to LOMAC?: http://opensource.sparta.com/lomac/ )

    > Can you help me?


    Probably not. However maybe some web search will:

    http://distrowatch.com/search.php?ca...&status=Active
    http://www.cs.wright.edu/~pmateti/Li...cureLinux.html

    --
    -Menno.


  3. Re: Search for security comparisons of hardened linux

    M. Decker wrote:
    > Hello,
    >
    > I'm seaching for a serios security comparison between hardened linux
    > distributions and linux hardening methods.
    >
    > It seems, that hardened Gentoo would be the best one, but I have only
    > one source and would like to verify it with another source.
    >
    > I know this methods:
    > * Openwall
    > * PaX (G)
    > * SSP (G)
    > * grsecurity (G)
    > * LIDS
    > * SELinux (G)
    > * RSBAC (G)
    >
    > Hardened Gentoo implements all methods marked with (G).
    >
    > Can you help me?


    http://www.cisecurity.org

  4. Re: Search for security comparisons of hardened linux

    On Thu, 13 Apr 2006 02:56:34 +0000, base60 wrote:
    > M. Decker wrote:


    >> I'm seaching for a serios security comparison between hardened linux
    >> distributions and linux hardening methods.


    http://linas.org/linux/secure.html

    >> It seems, that hardened Gentoo would be the best one,


    What "would be the best one" for you might differ from what is the best
    one for me. Same deal for any other article author.

    FWIW i'd look at like Adamantix (formerly trusted Debian) atleast:
    http://www.adamantix.org/

    >> but I have only one source


    Can you post a link to it (or maybe just explain in more detail)?

    >> and would like to verify it with another source.
    >>
    >> I know this methods:
    >> * Openwall
    >> * PaX (G)
    >> * SSP (G)
    >> * grsecurity (G)
    >> * LIDS
    >> * SELinux (G)
    >> * RSBAC (G)
    >>
    >> Hardened Gentoo implements all methods marked with (G).
    >>
    >> Can you help me?

    >
    > http://www.cisecurity.org


    Thanks for that link, however what i read here:
    http://www.cisecurity.org/tools2/lin...hmark_v1.0.pdf

    "Slackware comes with two ftp servers * vsftpd (Very Secure File Transfer
    Protocol) proftpd (Professional File Transfer Protocol). Like telnet, the
    FTP protocol is unencrypted, which means passwords and other dat
    transmitted during the session can be captured by sniffing the network,
    and that the FT session itself can be hijacked by an external attacker."

    Lets see:

    menno@pc:~$ for f in /usr/sbin/*ftpd; do echo $f; readelf -a $f |grep -m1 SSL; done
    /usr/sbin/in.proftpd
    080c4770 00000107 R_386_JUMP_SLOT 00000000 SSL_CTX_set_tmp_rsa_ca
    /usr/sbin/in.tftpd
    /usr/sbin/proftpd
    080c4770 00000107 R_386_JUMP_SLOT 00000000 SSL_CTX_set_tmp_rsa_ca
    /usr/sbin/vsftpd
    08063780 00000b07 R_386_JUMP_SLOT 00000000 SSL_get_rbio

    Here is how to configure them with SSL/TLS support:
    http://groups.google.com/group/comp....b2cca3d3814d58

    --
    -Menno.


  5. Re: Search for security comparisons of hardened linux

    Thanks a lot both of you!

    >>> It seems, that hardened Gentoo would be the best one,

    >
    > What "would be the best one" for you might differ from what is the best
    > one for me. Same deal for any other article author.


    You're right... Let me say: "would be my favourite"

    There are never best of all... Perhaps best in this case with that
    knowledge with my view, but never an ultimate best...

    >>> but I have only one source

    >
    > Can you post a link to it (or maybe just explain in more detail)?


    http://en.hakin9.org/
    -> hackin9 magazine Nr. 2/2006 -> "Festung Linux" in german
    But it seems, there is no 2/2006 in English, yet...

    Bye
    --
    Weil es die Lesbarkeit des Textes verschlechtert.
    > Warum ist TOFU so schlimm?
    >> TOFU
    >>> Was ist das groesste Aergernis im Usenet?


+ Reply to Thread