Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Custom Unix server installations -- to harden extensively ?

From: Crispin Cowan <crispin () immunix com>
Date: Wed, 14 May 2003 07:33:25 -0700
Julian Gomez wrote:


What is the relative opinion of hardening general purpose Unix servers
(general == mail, web, db hosts). Obviously, wherever possible, I'd like to
get most of the unwanted packages stripped and removed; but very frequently
-- this is extremely time consuming and is alot of documentation work
(which btw, no one ever bothers to read).


For this kind of configuration management, consider the Bastille project
<http://bastille-linux.org/>. Bastille is an open source project to help
configure UNIX-like systems to be secure by disabling stuff you don't
need. Available for many platforms.


The only commercial product which comes to mind which I think is to cater
for this would be Guardian Digital's offering, though I haven't played with
it yet.
You might also want to consider Immunix. We've been doing this about 2 years longer than Guardian Digital, and we have more security features. For do-it-yourself host hardening you want Immunix 7+, which is what we played at Defcon last year. 

Crispin

--
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
           http://www.immunix.com/shop/



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: