Security Basics mailing list archives

Re: Comparing linux distros.


From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Thu, 24 Feb 2005 20:08:55 -0800 (PST)


hi ya lars

> I've just started on my bachelor paper. It's about comparing 4 different

good project ..

for repeatability and expandability,

        i'd like to suggest that the "testing process" where possible be
        done by automated scripts AFTER the initial system has been
        installed from the distro cdrom

        - that'd be lots of testing scripts for each "item" you want
        to check for each distro

> linux distros (debian, slack, mandrake, fedora). I'm going to have a

i hate to add more work for you, but you should seriously consider
redhat and suse too .. since those are $3,000 software packages
( is it worth the $$$ for it to say "enterprise blah blah" )

> look at how well the different systems are protected. All distros are
> going to be installed with default settings, so they should almost be at
> the same level.  I would like to test how well they are secured
> out-of-the-box.

very good ... :-) especially with the defaults kernels too ..

> Both from remote and from local console.

you might not get the same results if you allow the tests from remote
(network) install vs a local install from cdrom 

> What I have set up to now;
> - Port scanning;
>       I would like to do a portscan (using nmap)
>       Mapping services that are running as default on every distro.
>       Check if any of the distros have any default settings for logging
>       such activities, throughout /var/log/* or anywhere else.
>       Also using the -O -v flag for nmap so I can get information about
>       TCP sequence prediction, and IPID sequence generation.

you'd also want to know that the apache or sendmail or exim or bind
that is running is an exploitable version ..

        - one typically does not care that port 53, port 25, port 80 is open


> - Nessus vuln. test;
>       Run a test just to check the results, compared to what I've got from
>       nmap.

different kind of tests results between nessus and nmap ..

nessus does a lot more

> - Local file security;
>       I've noticed that on some boxes there are special commands, ex,
>       ' /bin/ping '. Are there other programs that you would like to check
>       privileges on? and what about normal users reading system files,
>       config settings under /etc/* , any viewpoints?

just about every distro has their default setting for the beginners
and NOT very secure

the default installs also have "online updates" that they allow
when it's first installed
        - is an online update considered "out-of-the-box" install ??

        i say it is, since it's one of the very first things you
        should be REQUIRED to do ... before using it
        ( and even slackware has online patches )

> The whole point for my bachelor paper is comparing the 4 distros up
> against each other. Bear in mind, this is just a small part of the whole
> bachelor paper, so I don't want to go all the way to the bottom.

what is the resulting comparison supposed to show ???

        -  that redhat's kernels are hackable ??

        - that debian's default install is a modified version
        compared to the same app installed on other distro ?

        - ease of installation and patches ??

        - time to install ??

        - how ez it would be to hack into the default config  ??

        - how ez it is to ddos the default server into useless continuum ??

> Any suggestions on what you guys think I should include, or drop
> out...
 
i'd drop mandrake ...  as it's NOT in the list of "distros" that
people/corps are willing to pay $$$ for it being installed and shipped
to the corp or individual clients

        - we also spend a day to tweak the "security" of the servers
        if they are wanting a "clean hardened" server vs generic
        5min cdrom install

c ya
alvin
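An added example, not code from Alvin's mail or from any of the distros discussed: a POSIX shell script in the shape of the automated per-distro "testing scripts" Alvin suggests, covering Lars's three items (mapping open ports from nmap output, checking whether the scan was logged, and local file security: setuid binaries like /bin/ping and world-readable files under /etc). Every check is a function with a path argument, so the identical script runs on each freshly installed box and the outputs can be diffed afterwards. It assumes netfilter-style "SRC=... DPT=..." LOG lines for the logging check; the install root, the nmap -oG file and the log lines below are a constructed fixture so the script runs offline.

```shell
#!/bin/sh
# Added example: out-of-the-box baseline audit, one function per check.
# On a real install, call the functions with / and the real scan output.

# 1. Open ports from nmap greppable output (-oG). The Ports: field is a
#    comma-separated list of port/state/proto/owner/service/rpc/version,
#    so awk field 2 is the state and field 5 the service name.
open_ports_from_grepable() {   # $1 = nmap -oG file
    sed -n 's/^Host:.*Ports: //p' "$1" \
      | sed 's/[[:space:]]*Ignored State:.*$//' \
      | tr ',' '\n' \
      | sed 's/^[[:space:]]*//' \
      | awk -F'/' '$2 == "open" { print $1 "/" $3 " " $5 }'
}

# 2. Setuid/setgid inventory below a root (e.g. / on the real box), sorted
#    so two distros' lists can be compared with plain diff.
setuid_inventory() {           # $1 = filesystem root
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
    return 0
}

# 3. Sensitive files readable by "other" (o+r, octal 004). The name list is
#    a constructed starting point for the audit, not a complete policy.
world_readable_sensitive() {   # $1 = filesystem root
    root="${1%/}"
    for rel in etc/shadow etc/gshadow etc/ssh/ssh_host_rsa_key etc/ssh/ssh_host_dsa_key; do
        f="$root/$rel"
        [ -f "$f" ] && find "$f" -perm -004 -print
    done
    return 0
}

# 4. Did the box log the scan? Counts distinct destination ports one source
#    hit, assuming a netfilter LOG rule writes "SRC=... DPT=..." kernel lines.
logged_probe_count() {         # $1 = log file, $2 = scanning source address
    grep "SRC=$2 " "$1" | sed -n 's/.*DPT=\([0-9]*\).*/\1/p' | sort -u | wc -l | tr -d ' '
}

# Constructed fixture standing in for one installed distro (labelled as
# constructed: no real distro ships these exact files or permissions).
build_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/root/etc/ssh" "$d/root/bin"
    printf 'dummy\n' > "$d/root/etc/shadow";               chmod 640  "$d/root/etc/shadow"
    printf 'dummy\n' > "$d/root/etc/ssh/ssh_host_rsa_key"; chmod 644  "$d/root/etc/ssh/ssh_host_rsa_key"  # deliberately weak
    printf '#!/bin/sh\n' > "$d/root/bin/ping";             chmod 4755 "$d/root/bin/ping"                   # setuid, like Lars's example
    printf '#!/bin/sh\n' > "$d/root/bin/ls";               chmod 755  "$d/root/bin/ls"
    printf '# Nmap 3.81 scan initiated (constructed sample)\nHost: 10.0.0.5 ()\tStatus: Up\nHost: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 3.9p1/, 25/closed/tcp//smtp///, 80/open/tcp//http//Apache httpd 2.0.52/\tIgnored State: closed (997)\n' > "$d/scan.gnmap"
    printf 'Feb 24 20:08:55 box kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP SPT=41000 DPT=22 SYN\nFeb 24 20:08:55 box kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP SPT=41001 DPT=23 SYN\nFeb 24 20:08:56 box kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP SPT=41002 DPT=23 SYN\n' > "$d/messages"
    echo "$d"
}

FIX=$(build_fixture)
echo "== open ports (from $FIX/scan.gnmap)"
open_ports_from_grepable "$FIX/scan.gnmap"
echo "== setuid/setgid files under $FIX/root"
setuid_inventory "$FIX/root"
echo "== sensitive files readable by other"
world_readable_sensitive "$FIX/root"
echo "== distinct ports logged from 10.0.0.9: $(logged_probe_count "$FIX/messages" 10.0.0.9)"
```

Run it once per distro right after the cdrom install (and again after the first online update, since Alvin counts that as part of "out-of-the-box") and keep the outputs; `diff` between the saved files is the comparison Lars's paper needs, and an empty result from the logging check is itself a finding.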

