tool to check security

Paul M. Whitney paul.whitney at me.com
Tue Feb 1 18:54:51 UTC 2011


ESG,

There are plenty of resources on the Internet that will provide the type of information you are seeking.  A commercial tool that is popular and I imagine expensive is RETINA.  It compares the content of your system against known vulnerabilities among other things.  (http://www.eeye.com/Products/Retina.aspx?src=AdWords&medium=PPC&campaign=brand-retina&kw=retina%20vulnerability%20scanner&ad=5752100123)

You can also look at NIST web pages for SCAP and OVAL for tools that may help you with securing your system.  And while I would not recommend following it to the letter, there is a huge amount of tips and suggestions in the NSA SNAC Guide available here:
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

You may also want to consider reading up on the NIST Common Criteria/Protection Profiles that companies such as HP and IBM have developed to secure their systems with an Evaluated Assurance Level of 4 (EAL4).

Lastly, not upgrading your system to the latest RHEL release is going to negate any efforts you apply to this system because there have been many updates to the OS that mitigate a great deal of these vulnerabilities.

Hopefully all the input provided to this point will give you plenty to work with.

Paul 



On Feb 01, 2011, at 12:07 PM, ESGLinux <esggrupos at gmail.com> wrote:


Thank you for your answers.

First, I can't update to 5.6 because of dependencies of the applications
installed on it.

Second,

I have run nessus and nmap from outside the machine to get the problems that
a remote user can check.

What I want now is to check for problems like:
- current kernel 2.6.18-53.el5 has potential security problems... (CVE,
...)
- the user John has no password and a valid shell....
- given a package, which CVEs affect this package

Something like these.

I'm going to give Bastille a try, although the tool I'm looking for was a
shell command....

Thanks again,

ESG

2011/2/1 <m.roth at 5-cent.us>

> ESGLinux wrote:
> >
> > I have received a machine with RHEL 5.1 installed and I have to put it in a
> > production environment with other machines I have installed.
>
> First, I'd yum update or up2date it to the current 5.5 (5.6?).
> >
> > I haven't installed this machine and I want to check if it is secured and
> > it can't make problems with my systems.
> >
> > Long time ago I used a tool that you run on a system (perhaps it was a
> > Suse... I used to work with Suse in the past) and it gave me a report for
> > possible security problems but I can't remember which tool it was.
> >
> > Does anyone know a tool that does this work?
>
> There are a number of tools, but it depends on what you want to do with
> the box. For example, nmap will scan ports. On the other hand, there's my
> favorite, Bastille Linux, which is not a distro, but a package that's a
> set of hardening scripts, and will walk you through shutting down or
> removing everything you don't need. I've used that on a box I was using
> for years as a firewall/router.
>
> So, what do you want to do with the box?
>
> mark
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
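An added example, not part of the original thread or of any tool named in it: two of the local checks ESG lists, written as plain shell. It finds accounts with an empty password field and a usable login shell, and pulls the CVE ids that a package changelog records as fixed. The function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data is constructed; the CVE ids are placeholders.

# Print accounts whose shadow password field is empty (no password at all,
# unlike "!!" or "*", which mean locked) and whose shell allows a login.
# $1 = passwd-format file, $2 = shadow-format file.
empty_pw_with_shell() {
    awk -F: '
        NR == FNR { if ($2 == "") empty[$1] = 1; next }   # first file: shadow
        ($1 in empty) && $7 !~ /(nologin|false)$/ { print $1 }
    ' "$2" "$1"
}

# Read changelog text on stdin, print each CVE id it mentions once.
cves_in_changelog() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
john:x:500:500::/home/john:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
mary:x:501:501::/home/mary:/bin/bash'

SAMPLE_SHADOW='root:$1$constructed$hash:14000:0:99999:7:::
john::14000:0:99999:7:::
ftp::14000:0:99999:7:::
mary:!!:14000:0:99999:7:::'

SAMPLE_CHANGELOG='* Mon Jan 01 2007 Constructed Packager <pkg@example.invalid>
- [net] constructed entry (CVE-0000-0001)
- [fs] constructed entry (CVE-0000-0002, CVE-0000-0001)'

# Run both checks over the constructed samples.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_PASSWD" > "$d/passwd"
    printf '%s\n' "$SAMPLE_SHADOW" > "$d/shadow"
    empty_pw_with_shell "$d/passwd" "$d/shadow"
    printf '%s\n' "$SAMPLE_CHANGELOG" | cves_in_changelog
    rm -rf "$d"
}
demo

# On a real RHEL host, as root:
#   empty_pw_with_shell /etc/passwd /etc/shadow
#   rpm -q --changelog kernel | cves_in_changelog
```

The changelog check shows only what the installed build records as already fixed; anything listed in the vendor's later errata for that package but absent from this output is what remains unpatched.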