topic Re: Trusted Linux box in Operating System - Linux

Trusted Linux box

Account Not Used — Fri, 24 Aug 2001 18:25:41 GMT

Is there anyway to make a Linux box Trusted?
I am using RedHat 7.0 2.2.16 kernel release.

Re: Trusted Linux box

linuxfan — Fri, 24 Aug 2001 20:08:27 GMT

Hi Michael,

As such Linux has lot of features, it is matter of disabling everything and then enabling only the things you want. But if you are looking for a command like we do in HP to make a system trusted, then i don't believe there is anything like that.

But you can definitely try running bastille
http://wwww.bastille-linux.org

It will definitely make a default installation more secure.

-HTH
Ramesh

Re: Trusted Linux box

Kodjo Agbenu — Sun, 02 Sep 2001 20:45:13 GMT

Hello Michael,

Please have a look at :

http://www.hp.com/security/products/linux

This is a recent announcement. It seems to offer lots of security features and some of these features look like HP-UX ones (system event auditing).

Don't hesitate to download and read the technical product brief in PDF.

Good luck.

Kodjo

P.S. Don't forget to rate this answer (from 1 to 10).

Re: Trusted Linux box

Gerald Corson — Fri, 21 Sep 2001 17:36:52 GMT

you should be able to setup trusted access between boxes if they can both resolve each other. all you should have to do is configure the .rhosts files for the users that you want to have trusted relationship.

Re: Trusted Linux box

Chris Calabrese — Fri, 21 Sep 2001 19:24:36 GMT

Michael,

Before anyone can give a coherent answer to your question, you're first going to have to define what you mean by "Trusted."

Since this is an HP forum and you've capitalized the word, you may mean as in HP-UX Trusted Mode. In that case you're looking for password aging, shadow passwords, and kernel auditing capabilities. The first two are bundled with most Linux distributions. The auditing capabilities are built into some security-conscience implementations (such as the HP one mentioned by someone else), but are also available with the Lnux Intrusion Detection System (LIDS) kernel module for other distributions.

You may mean trusted as in other systems trust it for root level access. In that case see the comments about .rhosts stuff by someone else, though you probably want to use ssh instead of rsh (www.openssh.org).

You may also mean trusted as in US Government Trusted Systems Evaluation Criteria (C2, B1, B2, etc.). There are no Linux systems with official TSEC evaluations that I know of, but...
o The following should be able to meet C2 standards:
- Any Linux distro reasonably hardened and running LIDS
- The Wirex distro
o The following should be able to meet B1 standards when running on physically secured hardware
- The SGI distro
- The HP distro
- A well hardened system running the NSA SE Linux patches

For information on hardening Linux systems, see the SANS Institute's 'Securing Linux Step-by-Step', the RedHat site mentioned by someone else, and also the Bastille Linux Project (www.bastille-linux.org).

There are also Linux guidelines being produced by the Center for Internet Security (www.cis.org), but these aren't out yet.

Re: Trusted Linux box

Bernie Vande Griend — Fri, 21 Sep 2001 19:34:04 GMT

Chris is right on the money, you need to tell use what you mean by trusted.
In addition to his links, there is another good doc on Securing/Optimizing Linux:
http://www.redhat.com/mirrors/LDP/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/index.html

Lots of good stuff in there and its free.

Re: Trusted Linux box

Michael Worsham — Tue, 02 Oct 2001 17:41:51 GMT

You might want to look at another Linux-based OS & application called Trustix ( http://www.trustix.net/products/trustix-1.5/ ). If you are looking for a real challenge in security, take a look at the NSA's Security-Enhanced Linux ( http://www.nsa.gov/selinux/ ).