Basically, out of the box, is SUSE hardened to meet DISA STIG compliance? along with the question came a 500 page UNIX Security checklist I am not looking forward to reading through nor typing 5000 commands.
View 1 RepliesCurrently I'm looking into implementing mod_security on all our apache servers. The installation on CentOS 5.5 comes directly with the "Core Rule Set" by the mod_security devs (curiously Debian and Ubuntu do not carry these) They also offer the Enhanced Rule Set for mod_security in a commercial package [URL] The main point there in their info link is the first point
Quote:
Tracking Credit Card Usage as required by the Payment Card Industry Data Security Standard However acc. to this wiki article ( http://en.wikipedia.org/wiki/Payment...urity_Standard ) that specific requirement isn't stated anywhere, as well as my colleague who's working on the PCI-DSS compliance for our code/servers/etc. mentioned that he hasn't heard of this specific requirement either. So my question would be if anyone has any experience with their ERS package and if it's needed for the PCI-DSS compliance compared to the requirements given in bullet points @ wiki article.
Joanna Rutkowska, a security researcher known for her work on virtualization security and low-level rootkits, has released a new open-source operating system meant to provide isolation of the OS's components for better security.
The OS, called Qubes, is based on Xen, X and Linux and is in a basic, alpha stage right now. Qubes relies on virtualization to separate applications running on the OS and also places many of the system-level components in sandboxes to prevent them from affecting each other.
I'm tasked with creating a base image of ubuntu (one for server, one for workstation) that is locked down and has all the fluff taken out (naturally workstation will have more fluff left in it than server). Task list looks about like this:
1. Create list of deb packages "allowed", write script to list/uninstall everything else.
2. Hook the logins into either enterprise kerberos or Active Directory (yuck).
3. Write scripts to check things like setuid/setguid, disabling su, checking sudo permissions, configure iptables, etc.
4. Use a scanner to scan the system from outside the system (was thinking of using backtrace).
5. Custom-compile the kernel to strip out all the unneeded modules.
Before embarking on this awesome task I figured I'd check with you guys to see if you know of some resources that would make this task easier/quicker. I'm sure someone out there has already headed down this branch.
PS My boss *loves* ubuntu and isn't to keen on going with a deb (or other) distro that is already "security trimmed" without some serious convincing. I'm sure there are some out there, and if you want to pass along a couple for consideration, I'll check them out, but no guarantees he'll let me use it.
I'm here of course because I would like to know what would be the SSH command to issue if I need to delete certain files that meet certain criteria. For instance, in this case, I simply have files that almost bear the same name but still have some very minor differences.
Let me give you an example:
L0619000.log
L0619001.log
L0619002.log
L0619003.log
L0619004.log
Those in bold are those I'd like to have removed, while the "L0619004.log" is obviously to be left intact.
I'm working with a vendor on getting a web site certified for Payment Card Industry Data Security Standard for processing our credit card transactions. The vendor's running Centos 5 (which we also run at my business). The current issue has to do with sendmail, which the required PCI security scans say should be upgraded to 8.14.4. However, the vendor points out that latest version packaged for yum on Centos 5 is 8.13.8.
I'm still somewhat of a newbie at this, but from my reading, it seems that installing the 8.14.4 sendmail means using 3rd party repositories and potentially breaking the system. I browsed through "Installing RPMforge" on Centos wiki, which notes that a complete listing of the over 4000 RPMforge packages is at [URL]. Scanning that link shows sendmail packages with lower numbers than what's currently installed, 8.13.8. All I see on sendmail.org are tarballs of the latest verson, 8.14.4, available 2009-12-30. I presume this means you must install from source; I'm not sure the vendor's comfortable with this, especially for such an essential service.
There is no "security" forum so I figured I'd post this here.
Because of PCI compliance requirements, we are going to begin using the built-in audit utility that comes with SuSE to monitor file/directory changes. The utility comes pre-configured to monitor many system files but I was curious as if there is a standard list of files/folders that should be monitored for PCI compliance? I've scanned the web but haven't come across anything yet.
I'm attempting to install WoW via wine, and when I run the installer I am told my hardware doesn't meet the requirements.
View 5 Replies View RelatedWe are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
View 3 Replies View RelatedI ran ckrootkit -q as SU
I have a bunch of stuff I cannot decipher such as access denied(as root I would think I can access it) &
Paths with no explanation as to why they were output. &
Bangs with no apparent reason (last few lines of output.
Where I need to read to find out what this means? or decipher the output.
linux-xt06:/home/kilbert # chkrootkit -q
I see that the PHP5 version in the official repository (OSS) is outdated and dangerous to use. I can't find a newer version in the official update repo either.
View 6 Replies View RelatedJust noticed this, when I am logged into OpenSuse 11.3 under my default user (autologin) I have 3 of the same user logged in, eg when I run top it shows 3 users and when I run the users command it shows the same user 3 times. Is there any reason for this? Do I need to investigate this at all?
View 1 Replies View RelatedI have installed keberos on my suse machine, but after installation now I am not able to login in it even with the root password. I search over the internet but could not find the solution. What to do now and how to configure Kerberos on a local machine with only local users authentication. I mean client and server both are on the same machine.
View 2 Replies View RelatedI have been trying to find a virus protection software that will integrate with my kernel 2.6.16.60-0.42.4. I tried Linuxshield, but the version of kernel I have is too new. I spent two days trying to make it work, but it gives me an error continually, no matter what I do when I try to install it. If there is anyone on the same kernel version that has had success with a virus protection software.
View 11 Replies View RelatedWhen I go to single user mode for resetting root password, It ask root pawssword for login.The message displayed on prompt is "Give root password for login.On the boot prompt, I select kernel and press 'e' and after one space type 1 for single User mode and then press 'b' for booting.It shows message entering in single user mode but ask root password. Even I tried into rescue mode, but I couldn't ser root password.In rescue mode on prompt, It shows rescue login: I typed root, But when typed 'passwd' foe resetting root pawssword,It shows message unknown user and not authetication.
View 1 Replies View Relatedcreated a user but i forgot to change the home directory permission.so after user created when i go to the user and group mangement i cant see that permission filed related to the home permission directory.my purpose is to stop accessing other user to my home directory,how it can be possible??
View 4 Replies View RelatedI bought this laptop several years ago. It had Vista. Just long enough for me to download SUSe, nuke and pave the HD and install Linux. Recently I upgraded from 1 GB to 4 GB of RAM, the maximum that is allowed given the motherboard (based on from what I am able to learn the Intel 945 chipset).
After upgrading to 4 GB, the machine (according to "My Computer") only sees 2.9 GB. I understand that under an earlier version of the BIOS that the machine would not recognize the RAM correctly. Additionally the "My Computer" page lists the display as "Intel 945GM". My problem is that I can find no Linux utility to flash the BIOS on this machine-- Toshiba only provides the BIOS included in an .exe file for either XP or Vista. I am hesitant to use the BIOS for the Intel 945 series motherboards from their site.
I intend to re-install open suse 11.2, 32-bit. On a previous install,suse did not provide a grub entry for ubuntu.My current setup has
ubuntu/root on /dev/sda6
ubuntu/home on /dev/sda7
ubuntu/usr/local on /dev/sda8
[code]...
I am running memory test on SUSE, Memory test is just writing some patterns into a memory and reading it back in all CPU threads. After a while, when memory test is running in the background , I am trying to reset the system by echo b> /proc/sysrq-trigger command, Upon SUSE warm reset , I am seeing some UNCORRECTABLE MEMORY ERROR in model specific register (MSR : 0x421),
I am seeing this behavior on one of my server which has huge amount of memory.,Have you ever seen this UCECC error when SUSE generates warm reset when memory test in the background ?
I've got several language multimedia CD-Rom's, made for Windows 95/98/98 SE and 2000, that I'm using by means of my daughter's old PC (Win 98 SE O.S.). However I noticed, also, that you can perfectly use them even with Windows Vista. What I'd like to know is if you can use them even with Suse/Novell and (why not?) OpenSuse Linux.
View 4 Replies View RelatedOK... I tried everything i could think of... but i still cannot get my Open SUSE 11.1 to mount my samba share at boot! I still don't understand the 11.1 boot sequence. can NE one help me... tell me what files to give you output from... Ty guys P.S. My shares originate from a Windows Server 2003 RC2 machine, and it's dns server doesn't work correctly... so my mount command is
mount -t //192.168.x.x/files/ /nET/ -o username=linux,password=xxxxxx
please let me know what other info you need... I don't have the internet, so it will be tommorow b4 i see this again!!! Thanks
When i am adding a user using "useradd -d /home/test test" or "useradd test", it is now creating the home directory, whereas when i am using the graphical mode and going through several menu options, i am getting the home directory.
View 1 Replies View RelatedI am new to Linux and wow, it did not take me long to run into a huge snag. I am running Suse Linux Enterprise 10 on a laptop and by some strange reason the computer froze from overheating and I was forced to shutdown improperly. Once I restarted it booted right to the command prompt when it usually instead boots to the default user. I managed to get gnome running using the "startx gnome" command. But when gnome loads, none of my normal extentions load like my wireless driver, the sound driver, etc. how to restore gnome to automatically load the default user on start up or fix any other damage I might have done? lol
View 3 Replies View Relatedi have windows 7 installed on my laptop and working fine..i want to install Open Suse 11.2 along side. I tried installing by booting with DVD for Suse. But it gave me warning to delete the windows partition.I would like to keep the partition intact with windows 7 and install Suse. Any suggestions ?I can create partition on my laptop but i do not want to modify the current windows structure.
View 9 Replies View Relatedhow to install a D-Link Access Point on Suse 11.0 or steer me toward documentation that will do that? I configured the device on XP following instruction from this forum and the AP configured perfectly.The AP is plugged directly into the network port on the computer. It *should* function correctly without a router. I tried a restart and Suse has no idea it's there. The computer is currently configured for a wired connection which needs to be changed. The computer itself is going to be used as a small home storage server.
View 3 Replies View RelatedI have a disturbing problem with my monitor which goes to sleep (or ??) after few minutes if my comp is not used and most of the time I have to restart my comp.I disabled everything in Powersave , but nothing. I did have that problem in previous versions of SUSE, but somehow, I solved that. I cant remember what I did then.
View 4 Replies View RelatedI've pre-partitioned my HDD and want to install 11.2 on the second primary partition.However, when using the installer, I can't get Suse to install on the prepared 20gb partition - it keeps insisting it wants to install on the large unallocated section of the drive.
I find the partitioner somewhat hard to use and the answer may be staring me in the face but I can't see it.
Recently my computer was infected by several viruses and my brother cleaned it up and installed SuSe for me. He also put windows xp back on my system for our children. I am having a terrible time installing our Dell 924 printer. I have it installed for windows, but cannot get it to print for my Linux system. What am I doing wrong? Can anyone give me some direction?
View 5 Replies View Relatedi've had a windows xp pro where the printer epson aculaser c900 is shared. When i wan't to print from linux. When i look on dhe xp pc the files are in the print qeue. But the printer give no print out.
View 4 Replies View RelatedI bought Huawei E156 HSDPA data card. Able to connect to internet with windows PC by using this data card.But I would like to test the card with linux PC where I have Suse 11.1 installed. Is there any one to help out how can I test ?
View 2 Replies View Related