Re: tool to check security



ESG,

There are plenty of resources on the Internet that will provide the type of information you are seeking. A commercial tool that is popular and I imagine expensive is RETINA. It compares the content of your system against known vulnerabilities among other things. (http://www.eeye.com/Products/Retina.aspx?src=AdWords&medium=PPC&campaign=brand-retina&kw=retina%20vulnerability%20scanner&ad=5752100123)

You can also look at NIST web pages for SCAP and OVAL for tools that may help you with securing your system. And while I would not recommend following it to the letter, there is a huge amount of tips and suggestions in the NSA SNAC Guide available here:
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

You may also want to consider reading up on the NIST Common Criteria/Protection Profiles that companies such as HP and IBM have developed to secure their systems with an Evaluated Assurance Level of 4 (EAL4).

Lastly, not upgrading your system to the latest RHEL release is going to negate any efforts you apply to this system because there have been many updates to the OS that mitigate a great deal of these vulnerabilities.

Hopefully all the input provided to this point will give you plenty to work with.

Paul



On Feb 01, 2011, at 12:07 PM, ESGLinux <esggrupos@xxxxxxxxx> wrote:


Thank you for your answers

First, I can't update to 5.6 because of dependencies of the applications
installed on it.

Second,

I have run nessus and nmap from outside the machine to get the problems that
a remote user can check.

What I want now is to check the problems like:
- current kernel 2.6.18-53.el5 has potential security problems... (CVE,
...)
- the user John has no password and a valid shell....
- given a package, which CVEs affect this package

Something like these.

I'm going to give a try to bastille although the tool I'm looking for was a
shell command....

Thanks again,

ESG












2011/2/1 <m.roth@xxxxxxxxx>

ESGLinux wrote:
>
> I have received a machine with RHEL 5.1 installed and I have to put it in a
> production environment with other machines I have installed.

First, I'd yum update or up2date it to the current 5.5 (5.6?).
>
> I haven't installed this machine and I want to check if it is secured and
> it can't make problems with my systems.
>
> A long time ago I used a tool that you run on a system (perhaps it was a
> Suse... I used to work with Suse in the past) and it gave me a report for
> possible security problems but I can't remember which tool it was.
>
> Does anyone know a tool that does this work?

There are a number of tools, but it depends on what you want to do with
the box. For example, nmap will scan ports. On the other hand, there's my
favorite, Bastille Linux, which is not a distro, but a package that's a
set of hardening scripts, and will walk you through shutting down or
removing everything you don't need. I've used that on a box I was using
for years as a firewall/router.

So, what do you want to do with the box?

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
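
One way to run the local check ESG asks for (a user with no password and a valid shell) as a shell command; this is an added example, not part of the original thread. The function name, the constructed sample files, and the treatment of nologin and false as the only non-login shells are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): report accounts that can log in
# without a password. File paths are parameters so the check can be run
# against copies taken from the machine under review.

# audit_empty_passwords [PASSWD_FILE] [SHADOW_FILE]
# Prints one user name per line; prints nothing when no account matches.
audit_empty_passwords() {
    passwd_file=${1:-/etc/passwd}
    shadow_file=${2:-/etc/shadow}
    awk -F: '
        # Shadow file: remember accounts whose password hash field is empty.
        # "!" or "*" there means locked, which is not reported.
        FILENAME == ARGV[1] { if ($2 == "") empty[$1] = 1; next }
        # Passwd file: skip accounts whose shell refuses logins
        # (assumption: nologin and false are the non-login shells in use).
        $7 ~ /\/(nologin|false)$/ { next }
        # Report an empty passwd field, or "x" with an empty shadow hash.
        $2 == "" || ($2 == "x" && ($1 in empty)) { print $1 }
    ' "$shadow_file" "$passwd_file"
}

# Constructed sample data (not from a real system).
sample_dir=$(mktemp -d)
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
john:x:500:500:John:/home/john:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
legacy::501:501::/home/legacy:/bin/sh
EOF
cat > "$sample_dir/shadow" <<'EOF'
root:$1$constructed$hash:14900:0:99999:7:::
john::14900:0:99999:7:::
daemon::14900:0:99999:7:::
legacy:!!:14900:0:99999:7:::
EOF

# Run the audit against the constructed sample files.
audit_empty_passwords "$sample_dir/passwd" "$sample_dir/shadow"
```

On a live system, call `audit_empty_passwords` with no arguments as root so that it can read /etc/shadow.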



