How to check whether system is OS hardened? - Unix



  1. How to check whether system is OS hardened?

    How do we check whether the system is OS hardened or not.

    I am aware of only the following:
    - To check whether tcpd (TCP wrapper) is running or not -> ps -eaf|grep tcpd
    - To check whether JASS packages are installed -> pkginfo|grep -i jass

    Are there better alternatives to check it?


  2. Re: How to check whether system is OS hardened?

    In comp.unix.solaris qazmlp1209@rediffmail.com wrote:
    > How do we check whether the system is OS hardened or not.
    >
    > I am aware of only the following:
    > - To check whether tcpd (TCP wrapper) is running or not -> ps -eaf|grep tcpd
    > - To check whether JASS packages are installed -> pkginfo|grep -i jass
    >
    > Are there better alternatives to check it?


    Endless ones. First of all, make sure you realise that 'hardened' isn't
    a binary function: a computer isn't either hardened or not, but rather
    is going to be harder than some arbitrary watermark. If you have a standard
    in place, then hardened means hardened to that standard. If you don't, then
    who knows what's meant by the term?

    At any rate, grep for running services in /etc/inetd.conf. nmap the box
    from another machine on the same subnet, and see what ports are open.
    Look for .rhosts files, check for root console login in /etc/default/login,
    see if random packet numbers are enabled. Are unnecessary /etc/rcX.d
    services getting started? Is tripwire or aide installed? How about logging--
    is stuff being forwarded to a central log server?

    You can keep hardening a box until a live network connection isn't even an
    access point, but it's probably not a lot of use. The real key to hardening
    a box successfully is twofold: (a) define what constitutes hardened, and
    (b) define (and run) the tests against that standard.

    Colin
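
The file-based checks Colin lists, written as a repeatable test against a site baseline. This is an added example, not part of the original posts; `ALLOWED_INETD`, the function names, and reading "random packet numbers" as `TCP_STRONG_ISS=2` are assumptions, and it needs a POSIX sh and awk (on older Solaris, the /usr/xpg4/bin versions).

```shell
#!/bin/sh
# Added example (not from the thread): file-based hardening checks against a
# site baseline. The root argument lets the same checks run on / or on a
# mounted image. ALLOWED_INETD is a hypothetical baseline setting: the inetd
# services your standard permits. Usage: audit_root /   (or an image path)
ALLOWED_INETD=${ALLOWED_INETD:-}

run_checks() {
    root=${1%/}

    # inetd.conf: every non-comment line is a service inetd will start.
    [ -f "$root/etc/inetd.conf" ] && awk -v allow=" $ALLOWED_INETD " '
        NF && $1 !~ /^#/ && index(allow, " " $1 " ") == 0 {
            print "FINDING: inetd service not in baseline: " $1
        }' "$root/etc/inetd.conf"

    # .rhosts files grant password-less r-command access. -xdev stays on one
    # filesystem; repeat for other filesystems that hold home directories.
    find "$root/" -xdev -type f -name .rhosts 2>/dev/null |
        sed 's/^/FINDING: .rhosts file present: /'

    # /etc/default/login: an active CONSOLE= line limits root to the console.
    grep '^CONSOLE=/dev/console' "$root/etc/default/login" >/dev/null 2>&1 ||
        echo "FINDING: root login not restricted to console"

    # /etc/default/inetinit: TCP_STRONG_ISS=2 selects RFC 1948 sequence numbers.
    grep '^TCP_STRONG_ISS=2' "$root/etc/default/inetinit" >/dev/null 2>&1 ||
        echo "FINDING: TCP_STRONG_ISS is not 2"

    # syslog.conf: an action beginning with @ forwards to a remote log host.
    grep -v '^#' "$root/etc/syslog.conf" 2>/dev/null | grep '@' >/dev/null ||
        echo "FINDING: no remote syslog forwarding configured"
    return 0
}

# Print findings; status 1 if the tree misses the baseline, 0 if it meets it.
audit_root() {
    findings=$(run_checks "${1:-/}")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

The exit status makes it usable from cron or a configuration-management run: a non-zero status means the box has drifted from the baseline you defined.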

  3. Re: How to check whether system is OS hardened?

    qazmlp1209@rediffmail.com wrote:
    > I am aware of only the following:
    > - To check whether tcpd (TCP wrapper) is running or not -> ps -eaf|grep tcpd
    > - To check whether JASS packages are installed -> pkginfo|grep -i jass


    Those are only examples of how hardening (automagically or manually) can
    be approached. You can only determine (part of!) what has been done this
    way, but hardly what hasn't been done, or what else has been done.

    > Are there better alternatives to check it?


    Actually test. Vuln-scanners, etc.
    E.g. run nessus - recent version - against it.

    Nessus is free but has received one of the best results in a recent test
    by the German professional IT rag, iX.

    Note that if the computers you do this on, or even the network you test
    the attacks over, do not belong to you (I'm not insinuating anything,
    but e.g. you might be in a consulting role), you *must* talk this over
    with somebody who controls the boxen/infrastructure beforehand.

    lg, Bernd
    --
    When emailing me, excuse my annoying spamfilter - it works for me.
