Security Basics mailing list archives

Comparing linux distros.


From: Lars Georg Paulsen <maillist () braindead nu>
Date: Tue, 22 Feb 2005 15:22:24 +0100

Hi list. 

I've just started on my bachelor paper. It's about comparing 4 different
linux distros (debian, slack, mandrake, fedora). I'm going to have a
look at how well the different systems are protected. All distros are
going to be installed with default settings, so they should almost be at
the same level.  I would like to test how well they are secured
out-of-the-box, both from remote and from the local console.

What I have set up to now:
- Port scanning;
        I would like to do a portscan (using nmap),
        mapping services that are running by default on every distro.
        Check if any of the distros have any default settings for logging
        such activities, throughout /var/log/* or anywhere else.
        Also using the -O -v flags for nmap so I can get information about
        TCP sequence prediction and IPID sequence generation.

- Nessus vuln. test;
        Run a test just to check the results, compared to what I've got from
        nmap.

- Local file security;
        I've noticed that on some boxes there are special commands, e.g.
        '/bin/ping'. Are there other programs that you would like to check
        privileges for? And what about normal users reading system files,
        configuration settings under /etc/*, any viewpoints?

The whole point of my bachelor paper is comparing the 4 distros up
against each other. Bear in mind, this is just a small part of the whole
bachelor paper, so I don't want to go all the way to the bottom.

Any suggestions on what you guys think I should include, or drop
out...

thanks in advance. 

cheers
Lg


-- 
Lars Georg Paulsen <maillist () braindead nu>
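
One way to collect the local file permission data mentioned in the message above so the four default installs can be compared, as an added example that is not part of the original post. The function name `audit_perms` and the SETID/WWRITE/PRIVATE tags are hypothetical, and GNU `find` and `stat` are assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Prints one line per finding:
#   TAG MODE OWNER:GROUP PATH      (paths are relative to the scanned root)
# SETID   = regular file with the setuid or setgid bit set (e.g. /bin/ping)
# WWRITE  = file under etc/ that any local user can modify
# PRIVATE = file under etc/ that ordinary users cannot read
# Run as root for a complete listing; unreadable directories are skipped silently.
audit_perms() {
    root=${1:-/}
    (
        cd "$root" || exit 1
        fmt='%a %U:%G %n'
        # Programs that run with their owner's or group's privileges
        find . -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -exec stat -c "SETID $fmt" {} +
        if [ -d etc ]; then
            # Configuration any user could change
            find ./etc -xdev -type f -perm -0002 \
                -exec stat -c "WWRITE $fmt" {} +
            # Configuration hidden from normal users (differs between distros)
            find ./etc -xdev -type f ! -perm -0004 \
                -exec stat -c "PRIVATE $fmt" {} +
        fi
    ) 2>/dev/null | sort
}

# Scan only when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Running it with `/` as the argument on each freshly installed system and saving the output to one file per distro lets the results be compared with `diff`.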

