Is there a step by step approach to securing CentOS 4X (or even RHEL 4X)? I don't mean the stuff in the docs/security guide but a working step by step guide? There used to be packages like rkhunter and tripwire but I don't know if the ones in rpmforge/kbs repo are up to date.
Thanks, Josh.
On Thu, Sep 18, 2008 at 4:31 PM, Josh Donovan josh.dvan@yahoo.co.uk wrote:
Is there a step by step approach to securing CentOS 4X (or even RHEL 4X)? I don't mean the stuff in the docs/security guide but a working step by step guide? There used to be packages like rkhunter and tripwire but I don't know if the ones in rpmforge/kbs repo are up to date.
The NSA has security guides online, including for RHEL. It seems to be only for RHEL 5, but I presume a lot of stuff from it can be used for RHEL/C 4.
Regards, Tim
On Thu, 2008-09-18 at 14:31 +0000, Josh Donovan wrote:
Is there a step by step approach to securing CentOS 4X (or even RHEL 4X)? I don't mean the stuff in the docs/security guide but a working step by step guide? There used to be packages like rkhunter and tripwire but I don't know if the ones in rpmforge/kbs repo are up to date.
For rkhunter, as far as I can remember, the Fedora 8/9 packages are up to date, so you could download one of those from a mirror and install it. Personally, I install rkhunter from source, but you can build an RPM from the source tarball if you want (the source includes an RPM spec file). Latest version is 1.3.2.
John.
John Horne wrote:
For rkhunter, as far as I can remember, the Fedora 8/9 packages are up to date, so you could download one of those from a mirror and install it. Personally, I install rkhunter from source, but you can build an RPM from the source tarball if you want (the source includes an RPM spec file). Latest version is 1.3.2.
I haven't looked at Fedora for a long time but what is in the EPEL? i.e. http://fedora.tu-chemnitz.de/pub/linux/fedora-epel/4AS/i386/ There seems to be an rkhunter updated in Sep 2008; is that for RHEL4 AS?
Will the Fedora SRPMS (tripwire, rkhunter) for Fedora 8/9 rebuild without wanting a ton of stuff updated?
Thanks, Josh.
On Thu, Sep 18, 2008 at 11:31 AM, Josh Donovan josh.dvan@yahoo.co.uk wrote:
John Horne wrote:
For rkhunter, as far as I can remember, the Fedora 8/9 packages are up to date, so you could download one of those from a mirror and install it. Personally, I install rkhunter from source, but you can build an RPM from the source tarball if you want (the source includes an RPM spec file). Latest version is 1.3.2.
I haven't looked at Fedora for a long time but what is in the EPEL? i.e. http://fedora.tu-chemnitz.de/pub/linux/fedora-epel/4AS/i386/ There seems to be an rkhunter updated in Sep 2008; is that for RHEL4 AS?
Will the Fedora SRPMS (tripwire, rkhunter) for Fedora 8/9 rebuild without wanting a ton of stuff updated?
For CentOS5, I'd recommend using aide instead of tripwire. The two do pretty much the same thing, but aide comes with centos5 by default (and is recommended in the NSA guide)
On Thursday 18 September 2008 16:35, Jim Perrin wrote:
For CentOS5, I'd recommend using aide instead of tripwire. The two do pretty much the same thing, but aide comes with centos5 by default (and is recommended in the NSA guide)
aide is now provided in 4.7 as well.
Regards Nick.
--- Nick Goddard.
Nick Goddard wrote:
aide is now provided in 4.7 as well.
I installed aide and did # aide --init. Does it not mail root like tripwire used to each morning? The manual does not mention mailing root.
http://www.cs.tut.fi/~rammer/aide/manual.html
Thanks, Josh.
On Friday 19 September 2008 09:08, Josh Donovan wrote:
Nick Goddard wrote:
aide is now provided in 4.7 as well.
I installed aide and did # aide --init. Does it not mail root like tripwire used to each morning? The manual does not mention mailing root.
http://www.cs.tut.fi/~rammer/aide/manual.html
Thanks, Josh.
Hi,
I just put a simple script into /etc/cron.daily that called 'aide --check' and piped the output through mail to an appropriate account.
Regards Nick.
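An added example, not part of Nick's message or of the original thread: one way to write the /etc/cron.daily script he describes, running 'aide --check' and mailing the report with a subject line that says what changed. The file name, the MAILTO recipient, the subject wording and the reliance on the exit-status bitmask documented in aide(1) are assumptions.

```shell
#!/bin/sh
# Added example: /etc/cron.daily/aide-check (hypothetical file name).
# Assumption: this AIDE build reports results through the exit-status
# bitmask documented in aide(1): 1=added, 2=removed, 4=changed; 14-19=error.
# With the stock /etc/aide.conf, 'aide --init' writes aide.db.new.gz, which
# must be moved to aide.db.gz before '--check' has a baseline to compare with.

AIDE=/usr/sbin/aide
MAILTO=root                    # assumption: reports go to local root
HOST=${HOST:-$(uname -n)}

# Turn an AIDE exit status into a short mail subject.
aide_subject() {
    rc=$1
    if [ "$rc" -eq 0 ]; then
        echo "AIDE $HOST: no changes"
    elif [ "$rc" -gt 7 ]; then
        # Anything above the 1+2+4 bitmask is an AIDE error, not a finding.
        echo "AIDE $HOST: ERROR (exit $rc)"
    else
        what=""
        if [ $((rc & 1)) -ne 0 ]; then what="$what added"; fi
        if [ $((rc & 2)) -ne 0 ]; then what="$what removed"; fi
        if [ $((rc & 4)) -ne 0 ]; then what="$what changed"; fi
        echo "AIDE $HOST: files$what"
    fi
}

# Run the check, mail the full report, and pass AIDE's status back.
run_check() {
    report=$(mktemp /tmp/aide.XXXXXX) || return 1
    "$AIDE" --check >"$report" 2>&1
    rc=$?
    mail -s "$(aide_subject "$rc")" "$MAILTO" <"$report"
    rm -f "$report"
    return "$rc"
}

# Only run where AIDE is actually installed.
if [ -x "$AIDE" ]; then
    run_check
fi
```

An error subject (for example a missing database) is worth treating as seriously as a change report, since a check that cannot run verifies nothing.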
On Thu, 2008-09-18 at 15:31 +0000, Josh Donovan wrote:
John Horne wrote:
For rkhunter, as far as I can remember, the Fedora 8/9 packages are up to date, so you could download one of those from a mirror and install it. Personally, I install rkhunter from source, but you can build an RPM from the source tarball if you want (the source includes an RPM spec file). Latest version is 1.3.2.
I haven't looked at Fedora for a long time but what is in the EPEL?
EPEL=Extra Packages for Enterprise Linux http://fedoraproject.org/wiki/EPEL
i.e. http://fedora.tu-chemnitz.de/pub/linux/fedora-epel/4AS/i386/ There seems to be an rkhunter updated in Sep 2008; is that for RHEL4 AS?
Well it seems to be the 1.3.2 version, so I would say it is good. RKH (rkhunter) is very generic, so it should work under any (at least most!) versions of Unix and Linux (regardless of whether they are RHEL WS, ES or AS).
Will the Fedora SRPMS (tripwire, rkhunter) for Fedora 8/9 rebuild without wanting a ton of stuff updated?
RKH only requires a couple of basic packages - typically just a downloader like 'wget' and 'perl'.
As someone has already suggested, I would use something like aide or samhain instead of tripwire.
John.