LINUX SECURITY --- August 22, 2000
Published by ITworld.com, the IT problem-solving network
http://www.itworld.com/newsletters
*********************************************************************
HIGHLIGHTS
* Rick reviews more Linux security tools:
* Harden your installations with Bastille Linux.
* Snort sniffs out those network intrusions.
* GnuPG, the open-source replacement for PGP.
*********************************************************************
Must Have Linux Security Tools, Part II
by Rick Johnson
Our past newsletter, entitled "Must Have Linux Security Tools", detailed
a few helpful programs and provoked quite a response from readers. In
fact, the feedback was so positive we decided to list a few more tools
that every serious Linux security engineer should review. While the
author has found these useful, user discretion is advised.
* Bastille Linux (http://www.bastille-linux.org/) -- Bastille Linux
is a project to secure existing Linux distributions. It attempts
to harden your current installation by making your server much
more difficult to crack. Bastille will lock down configurations on
system daemons, replace insecure protocols with encrypted ones and
disable unused and insecure services. In addition, Bastille will
actually educate you about each action presented as a possible
change.
Bastille currently supports RedHat and Mandrake systems, and while
it should be run on a fresh system, that is no longer required.
Other useful features include an undo option for any files
changed, the ability to rerun Bastille to keep a system hardened
and the option to write all possible changes to a log file instead
of actually changing system files.
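The three behaviours described above (disabling insecure services, keeping an undo copy, and a log-only dry run) can be illustrated with a small audit of an inetd.conf. This is an added example, not code from the Bastille Linux project; the service list, the undo-file suffix and the sample configuration are this example's own assumptions.

```python
"""Bastille-style audit of an inetd.conf: disable cleartext services.

Added example; not code from the Bastille Linux project. It mimics three
behaviours of the tool: disabling insecure services, keeping an undo copy
of any file it changes, and a dry-run mode that reports what would change
instead of touching the file.
"""
import shutil

# Services commonly disabled by hardening tools of the Bastille era: cleartext
# logins and file transfer, the Berkeley r-services, and information leaks.
INSECURE_SERVICES = {"telnet", "ftp", "shell", "login", "exec", "finger", "tftp"}

UNDO_SUFFIX = ".bastille-undo"   # hypothetical suffix for the undo copy

# Constructed sample of an inetd.conf; not taken from any real host.
SAMPLE_INETD = """\
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
shell   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
ssh     stream  tcp  nowait  root    /usr/sbin/sshd  sshd -i
"""


def harden_inetd(lines):
    """Comment out active entries for INSECURE_SERVICES.

    Returns (new_lines, log): the rewritten file and one log entry per
    change, so the operator can see exactly what was done.
    """
    new_lines, log = [], []
    for lineno, line in enumerate(lines, 1):
        stripped = line.strip()
        # The first whitespace-separated field of an inetd.conf entry is the
        # service name; blank lines and comments are left untouched.
        if stripped and not stripped.startswith("#"):
            service = stripped.split()[0]
            if service in INSECURE_SERVICES:
                new_lines.append("#" + line)
                log.append(f"line {lineno}: disabled {service}")
                continue
        new_lines.append(line)
    return new_lines, log


def harden_file(path, dry_run=True):
    """Apply harden_inetd to a file; with dry_run the file is left alone."""
    with open(path) as f:
        new_lines, log = harden_inetd(f.readlines())
    if dry_run or not log:
        return log
    shutil.copy2(path, path + UNDO_SUFFIX)   # keep an undo copy first
    with open(path, "w") as f:
        f.writelines(new_lines)
    return log


def undo_file(path):
    """Restore the undo copy written by harden_file."""
    shutil.move(path + UNDO_SUFFIX, path)


if __name__ == "__main__":
    import os
    import tempfile
    tmp = tempfile.NamedTemporaryFile("w", delete=False, suffix=".conf")
    tmp.write(SAMPLE_INETD)
    tmp.close()
    print("dry run:", harden_file(tmp.name, dry_run=True))
    harden_file(tmp.name, dry_run=False)
    print(open(tmp.name).read())
    undo_file(tmp.name)
    os.unlink(tmp.name)
```

Run it as a script to see the dry-run report, the rewritten file, and the undo; note that the log is returned from both modes, which is what lets a dry run be reviewed before anything is written.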
* Snort (http://www.snort.org/) -- Snort is a network intrusion
detection system, or sniffer as some like to call it. It performs
protocol analysis and content matching, and can be used to detect
a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, and OS fingerprinting
attempts.
Snort uses a flexible rules language to describe traffic that
should be collected or ignored. The project's Web page also
houses an extremely useful interface for generating the rules.
One of Snort's most distinctive features is its real-time alerting
capability. Alerts can be sent to syslog, a user-specified file, a
UNIX socket, or as WinPopup messages to Windows clients using
Samba's smbclient.
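To show how a rules language of this kind drives detection and alerting, here is a miniature rule engine written for this newsletter. It is an added example, not Snort's own code: it parses a small subset of Snort's rule syntax (the header, the msg option, and content matching including the |hh hh| hex notation), evaluates constructed sample packets against it, and hands each alert to a pluggable sink standing in for the syslog, file and socket outputs mentioned above.

```python
"""A miniature Snort-style rule engine: parse rules, match packets, alert.

Added example, not Snort's own code. Rules and packets are constructed
samples. Only 'alert' and 'pass' actions, exact or 'any' address/port
fields, and the msg/content options are implemented.
"""
import re
from dataclasses import dataclass

RULE_RE = re.compile(
    r"^(?P<action>alert|pass)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s*->\s*(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    contents: list


def parse_content(value):
    """Turn Snort content syntax into bytes: plain text with |hh hh| hex runs."""
    out = b""
    for i, part in enumerate(value.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode()
    return out


def parse_rule(text):
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    msg, contents = "", []
    # Options are "key:value;" pairs; a ';' inside a content string is not handled.
    for opt in m.group("opts").split(";"):
        key, _, value = opt.strip().partition(":")
        value = value.strip().strip('"')
        if key == "content":
            contents.append(parse_content(value))
        elif key == "msg":
            msg = value
    return Rule(m.group("action"), m.group("proto"), m.group("src"), m.group("sport"),
                m.group("dst"), m.group("dport"), msg, contents)


def field_matches(pattern, value):
    """'any' matches everything; otherwise an exact match (no CIDR or negation here)."""
    return pattern == "any" or pattern == str(value)


def rule_matches(rule, pkt):
    if rule.proto != "ip" and rule.proto != pkt["proto"]:
        return False
    header_ok = (field_matches(rule.src, pkt["src"]) and field_matches(rule.sport, pkt["sport"])
                 and field_matches(rule.dst, pkt["dst"]) and field_matches(rule.dport, pkt["dport"]))
    return header_ok and all(c in pkt["payload"] for c in rule.contents)


def run(rules, packets, sink=print):
    """First matching rule decides each packet: 'pass' drops it silently, 'alert' reports."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if rule_matches(rule, pkt):
                if rule.action == "alert":
                    line = (f"[**] {rule.msg} [**] {pkt['src']}:{pkt['sport']} -> "
                            f"{pkt['dst']}:{pkt['dport']}")
                    alerts.append(line)
                    sink(line)
                break
    return alerts


RULES = [parse_rule(r) for r in (
    'pass tcp 10.0.0.7 any -> any 80 (msg:"trusted scanner host";)',
    'alert tcp any any -> any 80 (msg:"WEB-CGI cgi-bin access"; content:"/cgi-bin/";)',
    'alert udp any any -> any 53 (msg:"DNS query seen"; content:"|00 01 00 00|";)',
)]

PACKETS = [  # constructed sample traffic
    {"proto": "tcp", "src": "10.0.0.5", "sport": 3344, "dst": "10.0.0.80", "dport": 80,
     "payload": b"GET /cgi-bin/test-cgi HTTP/1.0\r\n"},
    {"proto": "tcp", "src": "10.0.0.5", "sport": 3345, "dst": "10.0.0.80", "dport": 80,
     "payload": b"GET /index.html HTTP/1.0\r\n"},
    {"proto": "tcp", "src": "10.0.0.7", "sport": 4000, "dst": "10.0.0.80", "dport": 80,
     "payload": b"GET /cgi-bin/printenv HTTP/1.0\r\n"},
    {"proto": "udp", "src": "10.0.0.9", "sport": 1025, "dst": "10.0.0.53", "dport": 53,
     "payload": b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"},
]

if __name__ == "__main__":
    run(RULES, PACKETS)
```

Passing `sink=syslog.syslog` (from the standard library's syslog module) or a file's write method reproduces two of the notification choices listed above; the pass rule in front of the alert rules shows how traffic from a known scanner host is excluded before it generates noise.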
* GNU Privacy Guard (http://www.gnupg.org/) -- GnuPG is a complete
and free open-source replacement for PGP. Since it does not use
IDEA or RSA, GnuPG may be used without any restrictions. GnuPG
also offers full RFC 2440 (OpenPGP) compliance. Useful features
include decryption and verification of PGP 5.x messages and
support for key and signature expiration dates.
If you are familiar with the command structure of PGP, then
converting should be no problem at all.
One of the most compelling reasons to switch from PGP to GnuPG is
the thought that all current versions of PGP support some form of
third-party access to cryptographic keys. This "feature" has led
to a lack of public confidence in versions of PGP released after
2.6.2.
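Key expiration dates are only useful if someone checks them. The script below is an added example, not part of GnuPG: it reads the colon-separated records that `gpg --with-colons --list-keys` produces and reports every primary key that has expired, is about to, or never expires. It relies on the documented field layout (in a "pub" record field 5 is the key ID, field 6 the creation time and field 7 the expiration time; the "uid" record carries the user ID in field 10) and accepts both the Unix-timestamp dates current GnuPG prints and the YYYY-MM-DD form of older releases. The listing it runs on is a constructed sample, not a real keyring, and the 30-day warning threshold is this example's choice.

```python
"""Key-expiration audit over gpg's machine-readable key listing.

Added example, not part of GnuPG. The listing below is a constructed
sample in the --with-colons format, not a real keyring.
"""
import calendar
import time

SAMPLE_LISTING = """\
pub:u:2048:1:0123456789ABCDEF:1500000000:1800000000::u:::scESC:
uid:u::::1500000000::0000000000000000000000000000000000000000::Constructed User <one@example.invalid>:
sub:u:2048:1:FEDCBA9876543210:1500000000:1800000000:::::e:
pub:e:1024:17:1111222233334444:900000000:1000000000::u:::scaESCA:
uid:e::::900000000::1111111111111111111111111111111111111111::Old Key <two@example.invalid>:
pub:u:4096:1:AAAABBBBCCCCDDDD:2000-01-15:::u:::scESC:
uid:u::::2000-01-15::2222222222222222222222222222222222222222::No Expiry <three@example.invalid>:
"""


def to_epoch(field):
    """Parse a gpg date field: '' -> None, digits -> int, 'YYYY-MM-DD' -> epoch."""
    if not field:
        return None
    if field.isdigit():
        return int(field)
    return calendar.timegm(time.strptime(field, "%Y-%m-%d"))


def parse_keys(listing):
    """Collect primary keys ('pub' records) with their user IDs from the listing."""
    keys, current = [], None
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            current = {"keyid": fields[4], "created": to_epoch(fields[5]),
                       "expires": to_epoch(fields[6]), "uids": []}
            keys.append(current)
        elif fields[0] == "uid" and current is not None:
            current["uids"].append(fields[9])
    return keys


def classify(keys, now, warn_days=30):
    """Return (keyid, status, first uid) for every primary key."""
    report = []
    for k in keys:
        if k["expires"] is None:
            status = "never-expires"
        elif k["expires"] <= now:
            status = "expired"
        elif k["expires"] - now <= warn_days * 86400:
            status = "expiring-soon"
        else:
            status = "ok"
        report.append((k["keyid"], status, k["uids"][0] if k["uids"] else ""))
    return report


if __name__ == "__main__":
    for keyid, status, uid in classify(parse_keys(SAMPLE_LISTING), int(time.time())):
        print(f"{keyid}  {status:14}  {uid}")
```

To audit a real keyring, pipe the output of `gpg --with-colons --list-keys` into parse_keys instead of the sample; a key flagged as never expiring is worth a second look, since a key with no expiration date gives a lost or compromised key no natural end of life.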
Once again, if you are the developer of a product that is unique and
worthy of mention, please send the author an informational email.
Remember, no tool can guarantee the safety of your network, but if used
properly they sure won't hurt.
Resources
Sniffing out the Black Hats: Preventive medicine for DoS attacks
http://mithras.itworld.com/articles/columns/net-currier-0218-prod.html
Securing Linux, Part 2
Advanced Linux security.
http://www.linuxworld.com/linuxworld/lw-1999-06/lw-06-ramparts.html
Flaw found in PGP 5.0
http://www2.itworld.com/cma/ett_article_frame/0,2848,1_866,00.html
************************************************************************
About the author
----------------
Rick Johnson is currently the Manager of Security Services for
FusionStorm, a remote managed services company. When not writing, he
heads the development team for PMFirewall, an Ipchains Firewall and
Masquerading Configuration Utility for Linux. Rick can be contacted via
email at rick@pointman.org or on the web at http://www.pointman.org.
*********************************************************************