Monday, October 29, 2012

Cool Linux system hardening tutorial

It's a computer lab assignment, locking down your Linux boxen.  It has some great suggestions and pointers to useful tools.  Security geeks will like this.

Me, I particularly like the SCAP stuff which IMHO is the most significant security advance in maybe 15 years.  And I simply hadn't ever run across limits.conf which looks like the shiznit.

We now return you to your regular blogging schedule.

5 comments:

drjim said...

Interesting.....

I'm trying to get it running on OpenSUSE 12.2 with no joy.

Jim said...

Thank you, Borepatch. Frequently you turn up some real interesting goodies.

I've never heard of SCAP before and it looks worth further investigation. The CTS 2311 course looks good, but I almost feel sorry for someone just starting out in the field for the amount of material they must absorb just to get a decent overview. Some people spend a significant portion of their careers on just one of those bullet points in the lectures.

drjim - good luck with OpenSuse 12.2. Without knowing what you're having issues with, it's hard to know what to recommend. I liked this part of the 12.2 portal; the package management info was useful and points at various additional repositories (you may still need to get some things built).

http://en.opensuse.org/Portal:Documentation

drjim said...

BTDT, still trying to figure out HOW to get it to do the scan.

Probably a configuration issue, but the OpenSCAP website is sorely lacking in good, readable "HOWTO".

Jim said...

Gotcha. I forsee the effort being interesting, as a search on 'openscap' at opensuse.org yields nada. Oh well, at least there's some Fedora doc and sample OVAL/XCCDF content out there. Just a couple things I noticed and then I'll stop. Wouldn't do to wear out Borepatch's patience ;-)

http://infotechmike.blogspot.com/2012/03/how-to-use-openscap-in-fedora-release.html

http://fedoraproject.org/wiki/Features/OpenSCAP

Good luck.

DaddyBear said...

SANS puts out an excellent Linux hardening guide. I took the Unix/Linux security course that's based on it. Hal Pomeranz does an excellent job expanding on the "Why" of the steps.