[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Common (basic) security checks for a base installation? (was Re: Security notification script in Perl)



On Fri, Dec 27, 2002 at 01:01:09PM -0200, Gustavo Franco wrote:
> And please Javi, check it too:
> http://www.mandrakesecure.net/en/docs/msec.php

	I've taken a (brief) look at msec. It seems that it is divided into
two different functionalities:

- security checks, written in shell scripts and run through cron.
- security hardening scripts, written in python and run when the user sets
the security level. Some of the hardening stuff is _also_ done on system
bootup (this time through shell scripts in init.d)

	I believe the first part is similar to the checks we already
discussed (Tiger, OpenBSD's and SUSE's) whileas the second part is roughly
similar to what Bastille does (albeit different).

	One of the things I think might be nice for end-users is to have
four different security levels. Novice admins might find it easy to set the
configuration based on a level 0 (nothing) to 4 (paranoid). 
	That's one idea that I migh bring to the Tiger package (which
currently installs in 'paranoid', i.e. all security checks enabled, mode). 

	I'll have to take a look at all the checks (one by one) in order to
determine if some of them could be included into Tiger. After all, they are
all GPLd. I will also try contact the main author to discuss some issues
with him. 

	As soon as I have a list of checks that msec provides that Tiger
doesn't yet I will post it.

	Regards

	Javi

Attachment: pgpGKKwiocFLf.pgp
Description: PGP signature


Reply to: