Firewall Wizards mailing list archives
Re: Custom Unix server installations -- to harden extensively ?
From: Crispin Cowan <crispin () immunix com>
Date: Wed, 14 May 2003 07:33:25 -0700
Julian Gomez wrote:
What is the relative opinion of hardening general purpose Unix servers (general == mail, web, db hosts). Obviously, wherever possible, I'd like to get most of the unwanted packages stripped and removed; but very frequently -- this is extremely time consuming and is alot of documentation work (which btw, no one ever bothers to read).
For this kind of configuration management, consider the Bastille project <http://bastille-linux.org/>. Bastille is an open source project to help configure UNIX-like systems to be secure by disabling stuff you don't need. Available for many platforms.
You might also want to consider Immunix. We've been doing this about 2 years longer than Guardian Digital, and we have more security features. For do-it-yourself host hardening you want Immunix 7+, which is what we played at Defcon last year.The only commercial product which comes to mind which I think is to cater for this would be Guardian Digital's offering, though I haven't played withit yet.
Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ Chief Scientist, Immunix http://immunix.com http://www.immunix.com/shop/ _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Custom Unix server installations -- to harden extensively ?, (continued)
- Re: Custom Unix server installations -- to harden extensively ? Paul Robertson (May 13)
- Re: Custom Unix server installations -- to harden extensively ? John Adams (May 13)
- Re: Custom Unix server installations -- to harden extensively ? Julian Gomez (May 15)
- RE: Custom Unix server installations -- to harden extensively ? Keith A. Glass (May 14)
- RE: Custom Unix server installations -- to harden extensively ? Ben Nagy (May 14)
- Re: Custom Unix server installations -- to harden extensively ? Carson Gaspar (May 14)
- Re: Custom Unix server installations -- to harden extensively ? Devdas Bhagat (May 15)
- Re: Custom Unix server installations -- to harden extensively ? Bill Royds (May 16)
- Re: Custom Unix server installations -- to harden extensively ? Marcus J. Ranum (May 15)
- Re: Custom Unix server installations -- to harden extensively ? Matthew Kirkwood (May 16)
- Re: Custom Unix server installations -- to harden extensively ? Devdas Bhagat (May 15)
- Re: Custom Unix server installations -- to harden extensively ? Crispin Cowan (May 14)
- Re: Custom Unix server installations -- to harden extensively ? Mason Schmitt (May 15)
- RE: Custom Unix server installations -- to harden extensively ? salgak (May 15)
- Re: Custom Unix server installations -- to harden extensively ? Barney Wolff (May 15)
- RE: Custom Unix server installations -- to harden extensively ? Keith A. Glass (May 16)
- RE: Custom Unix server installations -- to harden extensively ? R. DuFresne (May 16)
- Re: Custom Unix server installations -- to harden extensively ? Barney Wolff (May 15)