<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: LINUX Hardening guide differences in Secure OS Software for Linux</title>
    <link>https://community.hpe.com/t5/secure-os-software-for-linux/linux-hardening-guide-differences/m-p/4593583#M560</link>
    <description>I've always been a fan of the Centre for Internet Security benchmark tools. They are essentially documents, that are consensus based that help to bring things in line. Large portions of the document also include pre-written scripts to help automate the task.&lt;BR /&gt;&lt;BR /&gt;&lt;A href="http://cisecurity.org/en-us/?route=downloads" target="_blank"&gt;http://cisecurity.org/en-us/?route=downloads&lt;/A&gt;&lt;BR /&gt;&lt;BR /&gt;They have benchmarks for pretty much any OS, as well, they have audit tools to test against later.&lt;BR /&gt;&lt;BR /&gt;Bastille is a great tool to start with, but is lacking in a number of areas. CIS also provides Bastille configs as a base, but enhances on them.&lt;BR /&gt;&lt;BR /&gt;Before wasting your time on an SELinux course, check out SANS (&lt;A href="http://www.sans.org" target="_blank"&gt;www.sans.org&lt;/A&gt;). There is a UNIX specific course, which is primarily Linux based, as well as others. The Essentials bootcamp has a full day of UNIX/Linux as part of the 6-day program, which is an excellent program.&lt;BR /&gt;&lt;BR /&gt;Under the SANS reading room, there are a large number of whitepapers available for pretty much any topic. All papers in here are the work of successful "gold" certifications and double-blind graded by experts in the given field being written about.&lt;BR /&gt;&lt;BR /&gt;Something to remember about these documents is that they are not a "Bible". They are a series of guidelines that can lead to better security and hardening of a host. They change, they are not static, as a host that is secure today, is not secure tomorrow. Security is a journey, not a destination. No single reference is all encompassing.&lt;BR /&gt;&lt;BR /&gt;With that in mind, view the documents as a valid reference, consensus based ones are better than those written in a vacuum. What is most important is understanding the risk to your critical assets, and prioritise time, and resources to reduce those risks. 
If there is a risk you cannot reduce, understand the risk, and most of all, understand and put in place means by which you can DETECT that the risk has been compromised.&lt;BR /&gt;&lt;BR /&gt;Good luck and happy hunting,&lt;BR /&gt;Don</description>
    <pubDate>Wed, 03 Mar 2010 12:46:51 GMT</pubDate>
    <dc:creator>Don Mallory</dc:creator>
    <dc:date>2010-03-03T12:46:51Z</dc:date>
    <item>
      <title>LINUX Hardening guide differences</title>
      <link>https://community.hpe.com/t5/secure-os-software-for-linux/linux-hardening-guide-differences/m-p/4593580#M557</link>
      <description>What is the difference between the HP Common Criteria EAL4+ Evaluated Configuration Guide for Red Hat Enterprise Linux 5 on Hardware, date 05/31/2007; 2.3 and the NSA Guide to The Secure Configuration of Red Hat Enterprise Linux 5, date 12/20/2007; Revision 2?&lt;BR /&gt;&lt;BR /&gt;Is one of these more complete than the other?</description>
      <pubDate>Tue, 02 Mar 2010 21:38:52 GMT</pubDate>
      <guid>https://community.hpe.com/t5/secure-os-software-for-linux/linux-hardening-guide-differences/m-p/4593580#M557</guid>
      <dc:creator>robert mead_1</dc:creator>
      <dc:date>2010-03-02T21:38:52Z</dc:date>
    </item>
    <item>
      <title>Re: LINUX Hardening guide differences</title>
      <link>https://community.hpe.com/t5/secure-os-software-for-linux/linux-hardening-guide-differences/m-p/4593581#M558</link>
      <description>Shalom,&lt;BR /&gt;&lt;BR /&gt;The OS security vulnerabilities are different. HP ships in an insecure but securable state.&lt;BR /&gt;&lt;BR /&gt;Linux ships in a lot more secure state, but it can be improved.&lt;BR /&gt;&lt;BR /&gt;Think about Bastille for both. &lt;BR /&gt;&lt;BR /&gt;It does a nice job.&lt;BR /&gt;&lt;BR /&gt;SEP</description>
      <pubDate>Tue, 02 Mar 2010 21:56:42 GMT</pubDate>
      <guid>https://community.hpe.com/t5/secure-os-software-for-linux/linux-hardening-guide-differences/m-p/4593581#M558</guid>
      <dc:creator>Steven E. Protter</dc:creator>
      <dc:date>2010-03-02T21:56:42Z</dc:date>
    </item>
    <item>
      <title>Re: LINUX Hardening guide differences</title>
      <link>https://community.hpe.com/t5/secure-os-software-for-linux/linux-hardening-guide-differences/m-p/4593582#M559</link>
      <description>Based on the date of the Guides you are looking at it might be best to get into one of the RHEL Classes on SELINUX and Red Hat secured over a book that is 4 years old.&lt;BR /&gt;&lt;BR /&gt;I'd be inclined to pick up the NSA guide as NSA wrote the guidelines for SE enhancements which Red Hat adopted.&lt;BR /&gt;&lt;BR /&gt;</description>
      <pubDate>Tue, 02 Mar 2010 22:15:21 GMT</pubDate>
      <guid>https://community.hpe.com/t5/secure-os-software-for-linux/linux-hardening-guide-differences/m-p/4593582#M559</guid>
      <dc:creator>rmueller58</dc:creator>
      <dc:date>2010-03-02T22:15:21Z</dc:date>
    </item>
    <item>
      <title>Re: LINUX Hardening guide differences</title>
      <link>https://community.hpe.com/t5/secure-os-software-for-linux/linux-hardening-guide-differences/m-p/4593583#M560</link>
      <description>I've always been a fan of the Centre for Internet Security benchmark tools. They are essentially documents, that are consensus based that help to bring things in line. Large portions of the document also include pre-written scripts to help automate the task.&lt;BR /&gt;&lt;BR /&gt;&lt;A href="http://cisecurity.org/en-us/?route=downloads" target="_blank"&gt;http://cisecurity.org/en-us/?route=downloads&lt;/A&gt;&lt;BR /&gt;&lt;BR /&gt;They have benchmarks for pretty much any OS, as well, they have audit tools to test against later.&lt;BR /&gt;&lt;BR /&gt;Bastille is a great tool to start with, but is lacking in a number of areas. CIS also provides Bastille configs as a base, but enhances on them.&lt;BR /&gt;&lt;BR /&gt;Before wasting your time on an SELinux course, check out SANS (&lt;A href="http://www.sans.org" target="_blank"&gt;www.sans.org&lt;/A&gt;). There is a UNIX specific course, which is primarily Linux based, as well as others. The Essentials bootcamp has a full day of UNIX/Linux as part of the 6-day program, which is an excellent program.&lt;BR /&gt;&lt;BR /&gt;Under the SANS reading room, there are a large number of whitepapers available for pretty much any topic. All papers in here are the work of successful "gold" certifications and double-blind graded by experts in the given field being written about.&lt;BR /&gt;&lt;BR /&gt;Something to remember about these documents is that they are not a "Bible". They are a series of guidelines that can lead to better security and hardening of a host. They change, they are not static, as a host that is secure today, is not secure tomorrow. Security is a journey, not a destination. No single reference is all encompassing.&lt;BR /&gt;&lt;BR /&gt;With that in mind, view the documents as a valid reference, consensus based ones are better than those written in a vacuum. 
What is most important is understanding the risk to your critical assets, and prioritise time, and resources to reduce those risks. If there is a risk you cannot reduce, understand the risk, and most of all, understand and put in place means by which you can DETECT that the risk has been compromised.&lt;BR /&gt;&lt;BR /&gt;Good luck and happy hunting,&lt;BR /&gt;Don</description>
      <pubDate>Wed, 03 Mar 2010 12:46:51 GMT</pubDate>
      <guid>https://community.hpe.com/t5/secure-os-software-for-linux/linux-hardening-guide-differences/m-p/4593583#M560</guid>
      <dc:creator>Don Mallory</dc:creator>
      <dc:date>2010-03-03T12:46:51Z</dc:date>
    </item>
  </channel>
</rss>

