Security Basics mailing list archives
Re: Comparing linux distros.
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Thu, 24 Feb 2005 20:08:55 -0800 (PST)
hi ya lars
> I've just started on my bachelor paper. It's about comparing 4 different
good project .. for repeatability and expandability, i'd like to suggest that the "testing process" where possible be done by automated scripts AFTER the initial system has been installed from the distro cdrom - that'd be lots of testing scripts for each "item" you want to check for each distro
> linux distros (debian, slack, mandrake, fedora). I'm going to have a
i hate to add more work for you, but you should seriously consider redhat and suse too .. since those are $3,000 software packages ( is it worth the $$$ for it to say "enterprise blah blah" )
> look at how well the different systems are protected. All distros are going to be installed with default settings, so they should almost be at the same level. I would like to test how well they are secured out-of-the-box.
very good ... :-) especially with the default kernels too ..
> Both from remote and from local console.
you might not get the same results if you allow the tests from a remote (network) install vs a local install from cdrom
> What I have set up to now:
> - Port scanning; I would like to do a portscan (using nmap), mapping the services that are running by default on every distro. Check if any of the distros have any default settings for logging such activities, throughout /var/log/* or anywhere else. Also using the -O -v flags for nmap so I can get information about TCP sequence prediction and IPID sequence generation.
you'd also want to know that the apache or sendmail or exim or bind that is running is an exploitable version .. - one typically does not care that port 53, port 25, port 80 is open
> - Nessus vuln. test; Run a test just to check the results, compared to what I've got from nmap.
different kind of tests results between nessus and nmap .. nessus does a lot more
> - Local file security; I've noticed that on some boxes there are special commands, e.g. '/bin/ping'. Are there other programs that you would like to check privileges on? And what about normal users reading system files, config settings under /etc/*? Any viewpoints?
just about every distro has its default settings for the beginners and NOT very secure. the default installs also have "online updates" that they allow when it's first installed - is an online update considered an "out-of-the-box" install ?? i say it is, since it's one of the very first things you should be REQUIRED to do ... before using it ( and even slackware has online patches )
> The whole point of my bachelor paper is comparing the 4 distros against each other. Bear in mind, this is just a small part of the whole bachelor paper, so I don't want to go all the way to the bottom.
what is the resulting comparison supposed to show ???
- that redhat's kernels are hackable ??
- that debian's default install is a modified version compared to the same app installed on other distros ?
- ease of installation and patches ??
- time to install ??
- how ez it would be to hack into the default config ??
- how ez it is to ddos the default server into useless continuum ??
> Any suggestions on what you guys think I should include, or drop out?
i'd drop mandrake ... as it's NOT in the list of "distros" that people/corps are willing to pay $$$ for it being installed and shipped to the corp or individual clients - we also spend a day to tweak the "security" of the servers if they are wanting a "clean hardened" server vs a generic 5min cdrom install

c ya
alvin
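Alvin's suggestion of automated post-install testing scripts, applied to the "local file security" items Lars lists (setuid binaries such as /bin/ping, and system files under /etc that normal users can read), as an added example for this archive page, not a script from the thread. It assumes a Linux host with POSIX find and comm; the sample tree and the second "distro" snapshot are constructed so the checks can be exercised without a fresh install, and the same functions can be pointed at "/" and "/etc" on each distro and the sorted outputs compared.

```shell
#!/bin/sh
# Post-install baseline audit for the "local file security" items:
# setuid/setgid binaries (e.g. /bin/ping) and world-readable files under
# a config tree such as /etc. Each check is a function so the same script
# can be run unchanged on every distro and the sorted outputs compared.

# List setuid/setgid regular files under a root, sorted, one path per line.
find_suid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# List regular files under a directory that any user can read, sorted.
find_world_readable() {
    find "$1" -type f -perm -004 2>/dev/null | sort
}

# Print entries present in the second sorted snapshot but not the first,
# e.g. setuid binaries distro B ships that distro A does not.
diff_new() {
    comm -13 "$1" "$2"
}

# Constructed sample tree (stands in for a fresh install) so the checks
# can be exercised offline; prints the tree's path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/bin" "$t/etc"
    : > "$t/bin/ping";   chmod 4755 "$t/bin/ping"    # setuid, like real ping
    : > "$t/bin/ls";     chmod 755  "$t/bin/ls"      # ordinary binary
    : > "$t/etc/passwd"; chmod 644  "$t/etc/passwd"  # expected to be readable
    : > "$t/etc/shadow"; chmod 600  "$t/etc/shadow"  # must not be
    printf '%s\n' "$t"
}

# Stand-alone run: audit the sample tree, then diff it against a constructed
# second snapshot that carries one extra setuid binary.
main() {
    tree=$(make_sample_tree)
    echo "setuid/setgid under $tree:"; find_suid "$tree"
    echo "world-readable under $tree/etc:"; find_world_readable "$tree/etc"
    a=$(mktemp); b=$(mktemp)
    find_suid "$tree" > "$a"
    { cat "$a"; echo "$tree/bin/extra"; } | sort > "$b"
    echo "new in second snapshot:"; diff_new "$a" "$b"
    rm -rf "$tree" "$a" "$b"
}
main "$@"
```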