  1. #1
    Just Joined!
    Join Date
    Feb 2013
    Location
    New Jersey
    Posts
    41

    Securing down RHEL


    Hello, I am looking for opinions on securing my RHEL linux box. I know a very good amount of hacking/security techniques from my hacking days, but I always want to get others' opinions. We all have something to learn from each other. Also, I am trying to run aide -i, which runs, but nothing seems to be happening. Any ideas?

    -absal0m

    *edit* aide was just taking a while to load. Though aide now gives me this error: File database must have one db_spec specification

  2. #2
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,655
    Don't know about aide. Most people use iptables and selinux extensions to harden a RHEL server.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  3. #3
    Just Joined!
    Join Date
    Feb 2013
    Location
    New Jersey
    Posts
    41
    Quote Originally Posted by Rubberman View Post
    Don't know about aide. Most people use iptables and selinux extensions to harden a RHEL server.
    I do too. I was using aide as a file integrity scanner. I am quite constantly under attack.

  5. #4
    Just Joined!
    Join Date
    Aug 2009
    Posts
    83
    Quote Originally Posted by absal0m View Post
    We all have something to learn from each other.
    Not to be pedantic about it but there's no opportunity to "learn from each other" until you actually share something anyone here can learn from.


    Quote Originally Posted by absal0m View Post
    (..) aide now gives me this error: File database must have one db_spec specification
    Start with 'aide -c aide.conf -D;' and 'man aide.conf'. If you really don't get it post output of 'grep database_ aide.conf'.


    Quote Originally Posted by absal0m View Post
    Hello, I am looking in opinions on securing my RHEL linux box.
    I'm very much for sharing info efficiently. What's missing IMO is details about this machine's location and role and a list of basic security measures you already implemented. (Also note that saying things like "machine under attack" is not useful w/o details.) Regardless of that, be aware Red Hat has provided extensive admin documentation for ages which may serve as an initial checklist. On top of that several organizations provide guidelines (NSA, NIST, SANS), benchmarks (Cisecurity, OVAL) and tools (Red Hat, 3rd party repos like EPEL) for free to help you assess this machine's security posture. I suggest you start by posting the requested details; that way it's easier to fill in the gaps.
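    As an added illustration of the advice above (this is not code from the thread or from the AIDE project), the script below does a pre-flight check of an AIDE config before you run aide -i. The error quoted in the thread is AIDE complaining that the config it actually read did not give it a usable database specification, so the check counts the uncommented lines that set the input database (database= on the AIDE releases RHEL shipped at the time, database_in= on newer releases) and the output database (database_out=) and insists on exactly one of each. The two config files it creates are constructed samples; the paths and the @@{DBDIR} macro are placeholders, not a real RHEL config.

```shell
#!/bin/sh
# Added example, not part of the thread or of AIDE itself: sanity-check an
# aide.conf for the database specs that "File database must have one db_spec
# specification" complains about. Sample config contents are constructed.

# Count uncommented lines in file $1 that set the key named in $2
# (for example "database_out"). A leading "#" hides the line from AIDE, so it
# must not count here either.
count_db_spec() {
  # grep -c prints 0 when nothing matches but exits 1; "|| true" keeps that
  # from aborting a caller that runs under "set -e".
  grep -Ec "^[[:space:]]*$2[[:space:]]*=" "$1" || true
}

# Return 0 when $1 defines exactly one input database spec (database= or
# database_in=) and exactly one database_out= spec; otherwise report what is
# wrong on stderr and return 1.
check_aide_db_spec() {
  conf="$1"
  in_count=$(( $(count_db_spec "$conf" database) + $(count_db_spec "$conf" database_in) ))
  out_count=$(count_db_spec "$conf" database_out)
  status=0
  if [ "$in_count" -ne 1 ]; then
    echo "$conf: expected 1 input database spec (database= or database_in=), found $in_count" >&2
    status=1
  fi
  if [ "$out_count" -ne 1 ]; then
    echo "$conf: expected 1 database_out= spec, found $out_count" >&2
    status=1
  fi
  return $status
}

# Demo on two constructed configs: one complete, one whose input spec was
# commented out (a common way to end up with the error from the thread).
tmpdir=$(mktemp -d)
printf '%s\n' 'database=file:@@{DBDIR}/aide.db.gz' \
              'database_out=file:@@{DBDIR}/aide.db.new.gz' \
              '/etc p+i+n+u+g+s+m+c+md5+sha256' > "$tmpdir/good.conf"
printf '%s\n' '# database=file:@@{DBDIR}/aide.db.gz' \
              'database_out=file:@@{DBDIR}/aide.db.new.gz' > "$tmpdir/bad.conf"
check_aide_db_spec "$tmpdir/good.conf" && echo "good.conf: database specs look fine"
check_aide_db_spec "$tmpdir/bad.conf" || echo "bad.conf: fix the database spec before running aide -i"
rm -rf "$tmpdir"
```

    Run it against the real file with check_aide_db_spec /etc/aide.conf (or whatever path you pass to aide -c); if it passes and AIDE still reports the error, the next thing to confirm is that aide is really reading that file, which is what the 'aide -c aide.conf -D' suggestion above tells you.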

  6. #5
    Just Joined!
    Join Date
    Feb 2013
    Location
    New Jersey
    Posts
    41
    Quote Originally Posted by unspawn View Post
    Not to be pedantic about it but there's no opportunity to "learn from each other" until you actually share something anyone here can learn from.

    Start with 'aide -c aide.conf -D;' and 'man aide.conf'. If you really don't get it post output of 'grep database_ aide.conf'.

    I'm very much for sharing info efficiently. What's missing IMO is details about this machine's location and role and a list of basic security measures you already implemented. (Also note that saying things like "machine under attack" is not useful w/o details.) Regardless of that, be aware Red Hat has provided extensive admin documentation for ages which may serve as an initial checklist. On top of that several organizations provide guidelines (NSA, NIST, SANS), benchmarks (Cisecurity, OVAL) and tools (Red Hat, 3rd party repos like EPEL) for free to help you assess this machine's security posture. I suggest you start by posting the requested details; that way it's easier to fill in the gaps.

    Quite blunt, but true no less. I will gather my information and hopefully post it later today.

    But again, your first statement. I found that quite rude, and if you have to say "not to be pedantic" you are being pedantic.

  7. #6
    Linux Guru Lakshmipathi's Avatar
    Join Date
    Sep 2006
    Location
    3rd rock from sun - Often seen near moon
    Posts
    1,763
    For our servers, we used Rootkit Hunter.
    As Rubberman and unspawn mentioned, we have custom selinux modules with iptables and, before everything else,
    gone through this NSA doc http://www.nsa.gov/ia/_files/os/redh...guide-i731.pdf as a first step.

    HTH
    First they ignore you,Then they laugh at you,Then they fight with you,Then you win. - M.K.Gandhi
    -----
    FOSS India Award winning ext3fs Undelete tool www.giis.co.in. Online Linux Terminal http://www.webminal.org

  8. #7
    Just Joined!
    Join Date
    Aug 2009
    Posts
    83
    Quote Originally Posted by absal0m View Post
    I will gather my information and hopefully post it later today.
    Any progress there?
