similar to: freebsd kernel hardening tools

Displaying 20 results from an estimated 7000 matches similar to: "freebsd kernel hardening tools"

2008 Jun 06
5
Hardening CentOS by removing "hacker" tools
Hi, My boss asked me to harden a CentOS box by removing "hacker" tools, such as nmap, tcpdump, nc (netcat), telnet, etc. I would like to know which list of packages would you remove from a base install. I would appreciate if someone could point me to a "standard" way of doing this. I know there are procedures for hardening a machine (I remember reading about Bastille Linux)
2014 Oct 18
1
Your experience with os hardening tool - Bastille?
Hi All:) I would like to start using a tool for automating of os hardening. I found some informations about Bastille. One things which attracted my attention is that in http://bastille-linux.sourceforge.net/news_updates.htm the last post is from January 29th, 2012 :D Is the tool ready to use at the moment with CentOS 6/7? Are there any alternatives which you can recommend? Thanks for all info
2011 Jun 02
3
Bastille-linux
Has anyone got Bastille-linux running on Centos-5.6? http://bastille-linux.sourceforge.net claims RHEL5 support but I ran into problems running it on a Centos 5.6 test system. First I had to "ln -s /usr/lib64/Bastille /usr/lib" just to get it to run at all. Then I tried faking /etc/redhat-release with Red Hat Enterprise Linux Server release 5.6 ... but I get this (why would it want
2003 Jul 26
5
suid bit files + securing FreeBSD
Hello everybody, I'm a newbie in this list, so I don't know if it's the appropriate place for my question. Anyway, I'd be happy to find out the solution. Please, has anyone simple answer for: I'm looking for an exact list of files, which: 1. MUST have... 2. HAVE FROM BSD INSTALLATION... 3. DO NOT NEED... 4. NEVER MAY... ...the suid-bit set. Of course, it's no problem to
2012 May 25
4
PCI/DSS compliance on CentOS
I have a client project to implement PCI/DSS compliance. The PCI/DSS auditor has stipulated that the web server, application middleware (tomcat), the db server have to be on different systems. In addition the auditor has also stipulated that there be a NTP server, a "patch" server, The Host OS on all of the above nodes will be CentOS 6.2. Below is a list of things that would be
2009 Dec 28
4
Hardening
Hi Guys, I would like advice for best practices to secure my linux boxes. Know if I have been hacked, know of security breaches, etc. Can anyone provide advice? -Jason
2017 Jul 09
2
Hardening Apache on CentOS 7
Hi, Some time ago one of my public servers (running Slackware64 14.0) got attacked and was misused to send phishing emails. This misadventure made me more concerned about security, so I spent the last few weeks catching up on security, reading docs about SELinux and how to use it, etc. I have a public sandbox server running CentOS 7, and I'm currently experimenting quite a lot with Apache
2004 Nov 22
0
Asterisk and Bastille
Has anyone also run Bastille on the Asterisk pbx? Here's the link: http://www.bastille-linux.org/ It's a Linux hardening add-on. I was wondering if it'd mess up my Asterisk installation if I also installed Bastille, if it was a good idea to install it and work through the problems that may arise - or if it's not necessary. Makarios Communications, LLC Network Monitoring,
2003 Jul 08
4
Hardening production servers
Greetings, Apologies if this is not the appropriate list, but my questions are about best practices in maintaining production servers (so I believe I can justify a post in -stable, short of a -release list :) I maintain a modest installation of 6 FreeBSD servers. They're CVSUP'd to RELENG_4_8 (I make buildworld on each individually) and I portupgrade ports as necessary. In an attempt to
2013 Jan 27
0
puppet + openscap / hardening
Hi All, I noticed that a few years back, someone from Puppet Labs (well Reductive Labs at that time) reached out to the openscap list in an attempt to collaborate on puppet modules: https://www.redhat.com/archives/open-scap-list/2010-March/msg00000.html it seems like the aqueduct project is/was working on a similar ''harden through puppet modules'' approach:
2010 Feb 17
1
Linksys 160nl
I'm finally biting the bullet, and replacing the 12-yr-old box that's been my firewall/router with an appliance. First, does anyone have any idea whether the WRT160 nl can use tomato? Second, is there any way, or any reason, I could/would want to run bastille against the firmware? mark
2018 Mar 23
5
RFC: Speculative Load Hardening (a Spectre variant #1 mitigation)
Hello all, I've been working for the last month or so on a comprehensive mitigation approach to variant #1 of Spectre. There are a bunch of reasons why this is desirable: - Critical software that is unlikely to be easily hand-mitigated (or where the performance tradeoff isn't worth it) will have a compelling option. - It gives us a baseline on performance for hand-mitigation. - Combined
2010 Sep 18
4
securing centos 5.2 for public usage
Dear all, i Just finished setting up an apache service on a centos 5.2 VM machine. i need to secure this machine as i'm soon to be setting a public IP over it where i'd be opening up the following services: 1. http 2. https 3. ssh Things i've done so far: 1. stopped root ssh access in sshd.conf 2. tried configuring PAM so i get a more secure ssh passwords (dictionary wise) as
2009 Jun 27
6
server is always getting hacked
WE have a centos 5.3 install, and our server is keep getting hacked. We see load averages of 500+ and see people from all over the world logging into our server (used last). Is there a good place to start to avoid these kinds of things? For example, here is what I already did. Open up sshd port only setup iptables to only accept port 80 and 22 No FTP No other ports are allowed according to IP
2005 Feb 21
2
Problems with Samba and security hardened WinXP SP2 clients
We're running Fedora Core and Samba-3.0.8-0.pre1.3 and we're authenticating our Windows XP users against Active Directory running on Windows 2003. Everything works fine! But now we're trying to secure and harden our WinXP machines and now when any user logged into a secured WinXP they get the errormessage "The account is not authorized to log in from this station". I browsed
2018 Mar 30
0
debian lintian warn: hardening-no-fortify-functions
> On 30 March 2018 at 15:08 "A. Schulze" <sca at andreasschulze.de> wrote: > > > Hello, > > to build + packages dovecot I use the usual Debian tool chain. That includes build with selected GCC options and running lintian. > > I notice since a long time (read: many earlier versions, up to 2.2.35) this lintian warnings: > > I: dovecot-core:
2002 Nov 19
2
Shorewall operating status and how to stay "blocked"
Hi all, I have just started using shorewall. So far so good. I have two questions which I cant find an answer to either on the website or googling. They may be stupid so please forgive my ignorance. 1) What is shorewalls preferred operating status, running or stopped? What I mean is, some firewalls start-up and run, and they do their thing, then they stop. But the firewall is still really
2003 Sep 16
5
boot -s - can i detect intruder
Hi list Several people have physical access to my FreeBSD box and I have the feeling that somebody try to get access with boot -s options . Can I log activity after boot -s option (change user password, install software and etc.). I use boot -s and change user password, but after reboot i can't find this atcivity in log files. The BSD box is shutdown and run again many time at day. Best
2018 Mar 30
2
debian lintian warn: hardening-no-fortify-functions
Hello, to build + packages dovecot I use the usual Debian tool chain. That includes build with selected GCC options and running lintian. I notice since a long time (read: many earlier versions, up to 2.2.35) this lintian warnings: I: dovecot-core: hardening-no-fortify-functions usr/lib/dovecot/auth N: N: This package provides an ELF binary that lacks the use of fortified libc N:
2004 Oct 22
6
Bluetooth, palm, ppp and shorewall
Hi Folks! I''m new to shorewall (in the process of switching from Bastille), and I have a question as to how to address using Bluetooth enabled Palms with a BT dongle on a linux box protected by shorewall. Basically I followed the directions located at http://www.metacon.ca/bcs/view.php?page=bluetooth to get things working strictly with iptables, specifically: echo