Hardening Fedora...
neil
neilcuk at aol.com
Wed Apr 28 09:42:54 UTC 2004
Rod Hauser wrote:
>Bastille is a good tool, as well as a good learning experience.
>So is the CISecurity benchmark
>http://www.cisecurity.org/bench_linux.html
>
>which is particularly designed to be non-invasive tools.
>
>Neither one will make your system bullet-proof, but both will help you keep
>from being the lowest-hanging fruit to be attacked.
>Rod
>
>
>
>>>I know that someone posted it before, but I couldn't find any references
>>>to a Tripwire substitute.
>>>
>>>
>>Aide is a pretty good sub. Google for the homepage.
>>
>>
>http://www.cs.tut.fi/~rammer/aide.html
>http://sourceforge.net/projects/aide
>
>
>
RedHat have phased out Tripwire from their EL range. They tout the use
of 'RPM -V [options] [filename]' It does a fairly decent job - if you
only use RPMs for your package installations. However - if you're aiming
at hard security it would be wise to only use base distro releases in
the first case and harldy ever compiled from archived in the second. The
return values take a moment to decipher and as of yet I haven't tried
getting a cron job enabled to do this and report anything back -
although this shouldn't take very long if one needed to.
neil.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040428/2d70c506/attachment-0001.htm>
More information about the fedora-list
mailing list