
Re: Trusted Linux box

 
Account Not Used
Frequent Advisor

Trusted Linux box

Is there any way to make a Linux box Trusted?
I am using RedHat 7.0 2.2.16 kernel release.
"Who moved my cheese?"
6 REPLIES
linuxfan
Honored Contributor

Re: Trusted Linux box

Hi Michael,


As such, Linux has a lot of features; it is a matter of disabling everything and then enabling only the things you want. But if you are looking for a command like we do in HP to make a system trusted, then I don't believe there is anything like that.

But you can definitely try running Bastille:
http://www.bastille-linux.org

It will definitely make a default installation more secure.

-HTH
Ramesh
They think they know but don't. At least I know I don't know - Socrates
Kodjo Agbenu
Honored Contributor

Re: Trusted Linux box

Hello Michael,

Please have a look at :

http://www.hp.com/security/products/linux

This is a recent announcement. It seems to offer lots of security features and some of these features look like HP-UX ones (system event auditing).

Don't hesitate to download and read the technical product brief in PDF.

Good luck.

Kodjo

P.S. Don't forget to rate this answer (from 1 to 10).
Learn and explain...
Gerald Corson
New Member

Re: Trusted Linux box

You should be able to set up trusted access between boxes if they can both resolve each other. All you should have to do is configure the .rhosts files for the users that you want to have a trusted relationship.
Chris Calabrese
Valued Contributor

Re: Trusted Linux box

Michael,

Before anyone can give a coherent answer to your question, you're first going to have to define what you mean by "Trusted."

Since this is an HP forum and you've capitalized the word, you may mean as in HP-UX Trusted Mode. In that case you're looking for password aging, shadow passwords, and kernel auditing capabilities. The first two are bundled with most Linux distributions. The auditing capabilities are built into some security-conscious implementations (such as the HP one mentioned by someone else), but are also available with the Linux Intrusion Detection System (LIDS) kernel module for other distributions.

You may mean trusted as in other systems trust it for root level access. In that case see the comments about .rhosts stuff by someone else, though you probably want to use ssh instead of rsh (www.openssh.org).

You may also mean trusted as in US Government Trusted Systems Evaluation Criteria (C2, B1, B2, etc.). There are no Linux systems with official TSEC evaluations that I know of, but...
o The following should be able to meet C2 standards:
  - Any Linux distro reasonably hardened and running LIDS
  - The Wirex distro
o The following should be able to meet B1 standards when running on physically secured hardware:
  - The SGI distro
  - The HP distro
  - A well hardened system running the NSA SE Linux patches

For information on hardening Linux systems, see the SANS Institute's 'Securing Linux Step-by-Step', the RedHat site mentioned by someone else, and also the Bastille Linux Project (www.bastille-linux.org).

There are also Linux guidelines being produced by the Center for Internet Security (www.cis.org), but these aren't out yet.
Brainbench MVP for Unix Administration and Internet Security, SANS Review Editor, and Center for Internet Security HP-UX Benchmark project leader
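
Added example, not part of the original thread or any poster's code: a shell check for the two HP-UX Trusted Mode equivalents named above that are bundled with most Linux distributions, shadow passwords and password aging. The function names, finding labels and sample accounts are constructed for illustration, and treating a maximum age of 99999 as "aging disabled" is an assumption (the usual shadow-utils default).

```shell
#!/bin/sh
# Added example. Checks passwd/shadow-format files for shadowed passwords
# and password aging. All account data below is constructed.

# audit_accounts PASSWD_FILE SHADOW_FILE -> one finding per line
audit_accounts() {
    awk -F: '
        # passwd file: field 2 is "x" when the hash has been moved to shadow
        FILENAME == ARGV[1] {
            if ($2 != "x") print "NOT_SHADOWED " $1
            next
        }
        # shadow file: locked or no-login accounts (! or *) have no password to age
        $2 ~ /^[!*]/ { next }
        $2 == ""     { print "EMPTY_PASSWORD " $1; next }
        # field 5 = maximum password age in days; empty or 99999 disables aging
        $5 == "" || $5 + 0 >= 99999 { print "NO_AGING " $1 }
    ' "$1" "$2"
}

# make_samples DIR: write constructed passwd and shadow files for the demo
make_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
bob:HASH_PLACEHOLDER:501:501::/home/bob:/bin/bash
carol:x:502:502::/home/carol:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
root:HASH_PLACEHOLDER:11400:0:90:7:::
alice:HASH_PLACEHOLDER:11400:0:99999:7:::
carol::11400:0:90:7:::
daemon:*:11400:0:99999:7:::
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a real system, run it as root with `audit_accounts /etc/passwd /etc/shadow`.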
Bernie Vande Griend
Respected Contributor

Re: Trusted Linux box

Chris is right on the money, you need to tell us what you mean by trusted.
In addition to his links, there is another good doc on Securing/Optimizing Linux:
http://www.redhat.com/mirrors/LDP/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/index.html

Lots of good stuff in there and it's free.
Ye who thinks he has a lot to say, probably shouldn't.
Michael Worsham
Occasional Advisor

Re: Trusted Linux box

You might want to look at another Linux-based OS & application called Trustix ( http://www.trustix.net/products/trustix-1.5/ ). If you are looking for a real challenge in security, take a look at the NSA's Security-Enhanced Linux ( http://www.nsa.gov/selinux/ ).
Be lazy. Do it right the first time.