Re: Common (basic) security checks for a base installation? (was Re: Security notification script in Perl)
On Mon, 2002-12-30 at 09:25, Javier Fernández-Sanguino Peña wrote:
> On Fri, Dec 27, 2002 at 01:01:09PM -0200, Gustavo Franco wrote:
> > And please Javi, check it too:
> > http://www.mandrakesecure.net/en/docs/msec.php
> I've taken a (brief) look at msec. It seems that it is divided into
> two different functionalities:
> - security checks, written in shell scripts and run through cron.
> - security hardening scripts, written in python and run when the user sets
> the security level. Some of the hardening stuff is _also_ done on system
> bootup (this time through shell scripts in init.d)
> I believe the first part is similar to the checks we already
> discussed (Tiger, OpenBSD's and SUSE's) whileas the second part is roughly
> similar to what Bastille does (albeit different).
I can't talk about Bastille, but the second part written in python has
good features implemented as you can see.
> One of the things I think might be nice for end-users is to have
> four different security levels. Novice admins might find it easy to set the
> configuration based on a level 0 (nothing) to 4 (paranoid).
> That's one idea that I migh bring to the Tiger package (which
> currently installs in 'paranoid', i.e. all security checks enabled, mode).
Good, i guess which tiger can be changed to works better than msec.
> I'll have to take a look at all the checks (one by one) in order to
> determine if some of them could be included into Tiger. After all, they are
> all GPLd. I will also try contact the main author to discuss some issues
> with him.
> As soon as I have a list of checks that msec provides that Tiger
> doesn't yet I will post it.
Gustavo Franco -- <email@example.com>