Security Basics mailing list archives
Comparing linux distros.
From: Lars Georg Paulsen <maillist () braindead nu>
Date: Tue, 22 Feb 2005 15:22:24 +0100
Hi list. I'v just started on my bachlor paper. It's about comparing 4 different linux distros (debian, slack, mandrake, fedora). I'm going to have a look at how well the diffent system are protected. All distro's are going to be installed with default settings, so they should almost be at the same level. I would like to test how well they are secured out-of-the-box. Both from remote and from local consoll. What I have set up to now; - Port scanning; I would like to do a portscan (using nmap) Maping service that are running as default on every distro. Check if any of the distro have any default settings for logging such activites. trough out /var/log/* or any where els. Also using the -O -v flag for nmap so I can get information about TCP sequence prediction, and IPID sequence generation. - Nessus vun. test; Run a test just to check the results, compared to what I'v got from nmap. - Local file security; I'v notice that on some box's there are special commands, ex, ' /bin/ping '. Are the other program that you would like to check priviliges to? and what about normal users reading system files, configures settings under /etc/* , any viewpoints? The hole point for my bachlors paper is comparing the 4 distro's up agains eachother. Bare in mind, this is just a small part of the hole bachlor paper, so I don't want to go all the way to the bottom. Any suggestions? on what do you guys think I should include?, or drop out... thanks in advance. cheers Lg -- Lars Georg Paulsen <maillist () braindead nu>
Current thread:
- Comparing linux distros. Lars Georg Paulsen (Feb 24)