[TriLUG] Basic Security Question

Tanner Lovelace lovelace at wayfarer.org
Thu May 9 10:42:44 EDT 2002


On Thu, 2002-05-09 at 10:25, Lisa C. Boyd wrote:
> Three years ago (yeah - I know - an eternity in software time), I went to a 
> seminar/conference about Linux. The speaker was talking about how Linux 
> installs left a lot of open doors that are major security risks. Doors that 
> have to be closed by the user and that most student users never realize 
> that they need to close those doors. This was at a time when there were a 
> lot of problems on the network due to students not configuring their 
> computers correctly.
> 
> So - is this true for installations nowadays? And if so, ya'll will help me 
> Saturday close all those doors right? ;)

Well, I can only speak for what I've used, but Mandrake
does very well in this regard.  I think they've changed
the terminology now, but a few versions ago they gave you 
a range of security to choose from that varied from
"Paranoid" to "Hello Crackers!". :-)  They also include the
Bastille program that automatically goes through and shuts
security holes and locks things down.  In addition, they
include portsentry for watching network ports and the prelude
network intrusion detection program.  I'm not totally sure, but
I believe that the snort intrusion detection program and the
tripwire file integrity checker may be in contrib (or if not,
they are easily installed).

In addition, it includes a kernel specifically compiled to
be secure.  It adds several patches that do things like
make the stack non-executable, changes the permissions
on the /proc filesystem to be more restrictive, prevents
hard links in /tmp, etc...

So, Mandrake can easily be made very secure.  I run Mandrake
on my web/mail server and have never had any problems.

Tanner
-- 
Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA  BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
   He who receives an idea from me, receives instruction himself 
   without lessening mine; as he who lights his taper at mine, 
   receives light without darkening me.  --  Thomas Jefferson




More information about the TriLUG mailing list