Intent to Investigate/ITP: SuSE-provided security tools
I intend to investigate, adapt, and package those (legally and
technically) Debian-usable parts of this collection, recently
announced by SuSE. If anyone else is (or is interested in)
working on any of these, please let me know.
>Date: Fri, 26 Nov 1999 23:22:10 +0100 (MET)
>From: firstname.lastname@example.org (Marc Heuse)
>Subject: [linux-security] SuSE Security Announcement - new security tools
>Tools developed by SuSE (all open source) and included in SuSE 6.3 :
>SuSE FTP Proxy - The first program of the SuSE Proxy Suite.
> A secure FTP proxy with support for SSL, LDAP, command
> restriction, active and passive FTP support, and much more.
> RPM: fwproxy.rpm, fwproxys.rpm (SSL - not in the US version)
>SuSE Firewall - The new firewall script from SuSE, rewritten from scratch.
> Autodetection of interface information, masquerading,
> autoprotection of services, protection from internal
> networks, fail-close design and easy to configure.
> RPM: firewals.rpm
>Harden SuSE - A special script for hardening a SuSE Linux 5.3 - 6.3.
> By answering 9 questions, the system is reconfigured very
> tightly. e.g. disabling insecure network services, removing
> suid/sgid/world-writable permissions which are not critical.
> RPM: hardsuse.rpm
>SuSE Secumod - This loadable kernel module enhances the security of the
> system by adding a symlink/hardlink/pipe protection,
> procfs protection, trusted path execution and capabilities.
> RPM: secumod.rpm
>SuSE Secchk - These are cron scripts which run daily, weekly and monthly
> to check the security of the system and compare them to the
> last run.
> RPM: seccheck.rpm
>Yast-1 - New administration menu for setting password aging,
> authentication fail delay and logging of logins + failures.
> RPM: yast.rpm
>SuSE auditdisk - Please note that this tool is in beta phase!
> This tool generates a bootdisk with checksum data and all
> binaries etc. needed to automaticaly verify file checksums
> upon booting. This way it can't be subverted by lkm's like a
> standard e.g. tripwire installation.
> WWW: http://www.suse.de/~marc - not included on SuSE 6.3 yet
>Watch out for updates of these tools on our WWW or FTP update sites.
>Although these are tools developed by SuSE, they (should) work on any Linux
>distributions with little problems.