Securing down RHEL

Printable View

03-08-2013
absal0m

Securing down RHEL

Hello, I am looking in opinions on securing my RHEL linux box. I know a very good amount of hacking/security techniques from my hacking days, but I always want to get others opinions. We all have something to learn from each other. Also, I am trying to run aide -i, which runs, but nothing seems to be happening. Any ideas?

-absal0m

*edit* aide was just taking awhile to load. Though aide now gives me this error:File database must have one db_spec specification
03-09-2013
Rubberman

Don't know about aide. Most people use iptables and selinux extensions to harden a RHEL server.
03-09-2013
absal0m

Quote:

Originally Posted by Rubberman

Don't know about aide. Most people use iptables and selinux extensions to harden a RHEL server.

I do too. I was using aide as a file integrity scanner. I am quite constantly under attack.
03-10-2013
unspawn

Quote:

Originally Posted by absal0m

We all have something to learn from each other.

Not to be pedantic about it but there's no opportunity to "learn from each other" until you actually share something anyone here can learn from.

Quote:

Originally Posted by absal0m

(..) aide now gives me this error:File database must have one db_spec specification

Start with 'aide -c aide.conf -D;' and 'man aide.conf'. If you really don't get it post output of 'grep database_ aide.conf'.

Quote:

Originally Posted by absal0m

Hello, I am looking in opinions on securing my RHEL linux box.

I'm very much for sharing nfo efficiently. What's missing IMO is details about this machines location and role and a list of basic security measures you already implemented. (Also note that saying things like "machine under attack" is not useful w/o details.) Regardless of that be aware Red Hat has provided extensive admin documentation for ages which may serve as initial checklist. On top of that several organizations provide guidelines (NSA, NIST, SANS), benchmarks (Cisecurity, OVAL) and tools (Red Hat, 3rd party repos like EPEL) for free to help you assess this machines security posture. I suggest you start by posting the requested details, that way it's easier to fill in the gaps.
03-10-2013
absal0m

Quote:

Originally Posted by unspawn

Not to be pedantic about it but there's no opportunity to "learn from each other" until you actually share something anyone here can learn from.

Start with 'aide -c aide.conf -D;' and 'man aide.conf'. If you really don't get it post output of 'grep database_ aide.conf'.

I'm very much for sharing nfo efficiently. What's missing IMO is details about this machines location and role and a list of basic security measures you already implemented. (Also note that saying things like "machine under attack" is not useful w/o details.) Regardless of that be aware Red Hat has provided extensive admin documentation for ages which may serve as initial checklist. On top of that several organizations provide guidelines (NSA, NIST, SANS), benchmarks (Cisecurity, OVAL) and tools (Red Hat, 3rd party repos like EPEL) for free to help you assess this machines security posture. I suggest you start by posting the requested details, that way it's easier to fill in the gaps.

Quite blunt, but true no less. I will gather my information and hopefully post it later today.

But again, your first statement. I found that quite rude, and if you have to say "not to be pedantic" you are being pendantic.
03-11-2013
Lakshmipathi

For our servers, we used rootkit hunter Rootkit Hunter
As Rubberman and unspawn mentioned,we have custom selinux modules with iptables and before everything else
gone through this NSA doc http://www.nsa.gov/ia/_files/os/redh...guide-i731.pdf as first step.

HTH
03-12-2013
unspawn

Quote:

Originally Posted by absal0m

I will gather my information and hopefully post it later today.

Any progress there?