Re: Comparing linux distros.

[Ankush Kapoor <everbeeninlove () gmail com>]

You can try out GFI's LanGuard to "nmap" them. Some of the results
given by this product don't appear on Nessus scans.

Priviledged files should be easy to find, a simple find / -perm +4000
or something like that should give you files that you should keep your
eyes on.

I don't know much about the others, but redhat's FC3 screws up things
well and proper in someways. I mean, it does "secure" things in a way,
but IFS, SUID etc don't always work the way they should. I discovered
that while developing a wargames server recently.

An out-of-the-box configuration is somewhat ambiguous in the sense
that often you come across suggestions you dont heed. Like the famous
"linux single" directive on lilo, or its equivalent in grub.

You could probably also look up on how many vulnerabilities come out
for the applications installed by default for each of the
distributions. That should give you some idea regarding how bad is
what! No trivial task though!

all the best

regards

Ankush Kapoor


On Tue, 22 Feb 2005 15:22:24 +0100, Lars Georg Paulsen
<maillist () braindead nu> wrote:
> Hi list.
>
> I'v just started on my bachlor paper. It's about comparing 4 different
> linux distros (debian, slack, mandrake, fedora). I'm going to have a
> look at how well the diffent system are protected. All distro's are
> going to be installed with default settings, so they should almost be at
> the same level.  I would like to test how well they are secured
> out-of-the-box.
> Both from remote and from local consoll.
>
> What I have set up to now;
> - Port scanning;
>         I would like to do a portscan (using nmap)
>         Maping service that are running as default on every distro.
>         Check if any of the distro have any default settings for logging
>         such activites. trough out /var/log/* or any where els.
>         Also using the -O -v flag for nmap so I can get information      about
> TCP sequence prediction, and IPID sequence generation.
>
> - Nessus vun. test;
>         Run a test just to check the results, compared to what I'v got from
> nmap.
>
> - Local file security;
>         I'v notice that on some box's there are special commands, ex,
> ' /bin/ping '. Are the other program that you would like to check
> priviliges to? and what about normal users reading system files,
> configures settings under /etc/* , any viewpoints?
>
> The hole point for my bachlors paper is comparing the 4 distro's up
> agains eachother. Bare in mind, this is just a small part of the hole
> bachlor paper, so I don't want to go all the way to the bottom.
>
> Any suggestions? on what do you guys think I should include?, or drop
> out...
>
> thanks in advance.
>
> cheers
> Lg
>
> --
> Lars Georg Paulsen <maillist () braindead nu>