Hi Lars,
IMO before you even start comparing them you should bring them all to
one kernel tree and install all available security updates, otherwise
it makes no sense comparing anything.
Maciej Bonin <lewrker[at]gmail[dot]com>
---------- Forwarded message ----------
From: Lars Georg Paulsen <maillist@braindead.nu>
Date: Tue, 22 Feb 2005 15:22:24 +0100
Subject: Comparing linux distros.
To: sec-basic list <security-basics@securityfocus.com>
Hi list.
I'v just started on my bachlor paper. It's about comparing 4 different
linux distros (debian, slack, mandrake, fedora). I'm going to have a
look at how well the diffent system are protected. All distro's are
going to be installed with default settings, so they should almost be at
the same level. I would like to test how well they are secured
out-of-the-box.
Both from remote and from local consoll.
What I have set up to now;
- Port scanning;
I would like to do a portscan (using nmap)
Maping service that are running as default on every distro.
Check if any of the distro have any default settings for logging
such activites. trough out /var/log/* or any where els.
Also using the -O -v flag for nmap so I can get information about
TCP sequence prediction, and IPID sequence generation.
- Nessus vun. test;
Run a test just to check the results, compared to what I'v got from
nmap.
- Local file security;
I'v notice that on some box's there are special commands, ex,
' /bin/ping '. Are the other program that you would like to check
priviliges to? and what about normal users reading system files,
configures settings under /etc/* , any viewpoints?
The hole point for my bachlors paper is comparing the 4 distro's up
agains eachother. Bare in mind, this is just a small part of the hole
bachlor paper, so I don't want to go all the way to the bottom.
Any suggestions? on what do you guys think I should include?, or drop
out...
thanks in advance.
cheers
Lg
--
Lars Georg Paulsen <maillist@braindead.nu>
