AIDE/OSSEC w/linux removable USB security configuration
From: dgetsman@amirehab.net
Date: 12.02.2009 19:15
Message-ID: <gn1p0b$ehu$1@news.motzarella.org>
Newsgroups: alt.comp.issues.security alt.os.security alt.security comp.os.linux.security
I have had to take a 'crash course' in hardening Ubuntu Linux 8.04 LTS/8.10 systems due to an issue that we had with a possible security violation a few weeks ago. The first step that I took in responding to this issue was to set up OSSEC HIDS; I believe that configuration is now about as good as I'll get it without further time to devote to studying in-depth guides to this system.

The next step that I wanted to take regarding this issue was to set up AIDE in a manner that will allow me to take hash checksums of any systems that I need to. I have been able to configure this for the most part in a standard configuration from the Debian/Ubuntu packages at this point. It was mentioned to me that I might want to make sure that I put the checksum/hash database and the AIDE binary on a removable USB drive to ensure that they are not tampered with, in light of rootkit possibilities and root access being compromised on these machines. This is the point where I am struggling a bit right now...

I would, ideally, like to set up a procedure where I can maintain a hierarchy on removable media of the configurations and PGP/GPG-signature-validated binaries of all security installation files that may be targeted for trojans, as well as the applicable databases for programs such as AIDE (1st choice) or Tripwire. Of course my master set will contain a hierarchy with separate places for each of our development and production servers and machines. That part is trivial, but I have had a bit of a problem identifying where exactly I might find the applicable AIDE hash/checksum databases and precisely which files I want to copy to my removable master copy.

Unfortunately, due to other responsibilities that are being given to me with higher priorities (from personnel who do not truly understand the vital nature of security on their systems), my time to work with these projects is a bit limited currently.
I have at my disposal a weak personal grasp of google-fu, which has not turned up anything for me on these subjects just yet, along with the NSA guides to hardening RHEL... I do not have at my disposal the time to pore over these in depth as I would like at this point. Can anybody give me a few pointers on what I'm looking for here? It would save me some much-needed time and I would very much appreciate it, or any links that I've failed to turn up that might point me in the right direction in a more timely manner. TIA!

Damon Getsman
-=-=-=-
http://www.lookupanyone.com/namelistings/damon-getsman-andrew-getson.html
http://tinyurl.com/c8k7fm
http://www.zoominfo.com/people/Getsman_Damon_-214241.aspx
http://www.ITRx-ND.com/
Systems Administrator/Programmer/IT Customer Relations
-=-=-=-
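The post asks two concrete things: which AIDE files to copy to the removable master, and how to keep the binary, config and database off the possibly compromised host. On Debian/Ubuntu the packaged AIDE reads its configuration from /etc/aide/aide.conf (rule fragments under /etc/aide/aide.conf.d) and keeps its database at /var/lib/aide/aide.db, writing /var/lib/aide/aide.db.new on `aide --init`; those three, plus the `aide` binary itself, are the files in question. The script below is an added example (not part of the original post or the AIDE project) of the per-host hierarchy the poster describes: it lays out `hosts/<name>/{bin,conf,db}` on the media, writes an aide.conf whose `database`/`database_out` paths point at the stick rather than the host, records a SHA-256 manifest of the media-resident binaries, optionally GPG-signs that manifest, and verifies both before AIDE is run. The mount point `$MEDIA`, the host name `prod-web01`, the `SIGNING_KEY` variable and the minimal rule set are assumptions; when no real `aide` binary is installed, a placeholder is written so the layout and manifest logic still run offline.

```shell
#!/bin/sh
# Added example: per-host AIDE tree on removable media, with manifest + GPG check.
# Assumptions (not from the post): $MEDIA is the stick's mount point (defaults to a
# temp dir so this runs anywhere); paths follow Debian/Ubuntu packaging, i.e.
# /etc/aide/aide.conf, /var/lib/aide/aide.db and aide.db.new (written by --init).
set -eu

MEDIA="${MEDIA:-$(mktemp -d)}"   # mount the real stick read-only when checking

# Create $MEDIA/hosts/<host>/{bin,conf,db} and print the host's base directory.
layout_host() {
    host="$1"
    base="$MEDIA/hosts/$host"
    mkdir -p "$base/bin" "$base/conf" "$base/db"
    printf '%s\n' "$base"
}

# Write an aide.conf whose database lives on the media, not on the host.
# The rule lines are a constructed minimum; in practice copy the host's own
# rules from /etc/aide/aide.conf and /etc/aide/aide.conf.d into this file.
write_aide_conf() {
    base="$1"
    cat > "$base/conf/aide.conf" <<EOF
database=file:$base/db/aide.db
database_out=file:$base/db/aide.db.new
report_url=stdout
# permissions, inode, links, uid, gid, size, mtime, ctime, md5, sha1
/bin      p+i+n+u+g+s+m+c+md5+sha1
/sbin     p+i+n+u+g+s+m+c+md5+sha1
/usr/bin  p+i+n+u+g+s+m+c+md5+sha1
/usr/sbin p+i+n+u+g+s+m+c+md5+sha1
EOF
    printf '%s\n' "$base/conf/aide.conf"
}

# Hash every file in bin/ into manifest.sha256; detach-sign it with GPG when a
# signing key is configured (done on the trusted workstation, never on the host).
make_manifest() {
    base="$1"
    ( cd "$base/bin" && sha256sum ./* > ../manifest.sha256 )
    if command -v gpg >/dev/null 2>&1 && [ -n "${SIGNING_KEY:-}" ]; then
        gpg --batch --yes --local-user "$SIGNING_KEY" \
            --detach-sign --armor "$base/manifest.sha256"
    fi
}

# Return 0 only if the signature (when present) and every listed hash still match.
check_manifest() {
    base="$1"
    if [ -f "$base/manifest.sha256.asc" ] && command -v gpg >/dev/null 2>&1; then
        gpg --batch --verify "$base/manifest.sha256.asc" "$base/manifest.sha256" \
            || return 1
    fi
    ( cd "$base/bin" && sha256sum -c --status ../manifest.sha256 )
}

# Run the media-resident aide with the media-resident config; mode is init|check.
# Only called after check_manifest succeeds, so a trojaned host copy is never used.
run_aide() {
    base="$1"; mode="$2"
    check_manifest "$base" || { echo "manifest check failed, refusing to run" >&2; return 1; }
    "$base/bin/aide" --config="$base/conf/aide.conf" "--$mode"
}

# --- demo on a constructed host entry ---------------------------------------
BASE=$(layout_host "prod-web01")
write_aide_conf "$BASE" >/dev/null
if command -v aide >/dev/null 2>&1; then
    cp "$(command -v aide)" "$BASE/bin/aide"        # the real binary from the package
else
    # Placeholder so the example runs without AIDE installed (constructed stand-in).
    printf '#!/bin/sh\necho "placeholder aide: $*"\n' > "$BASE/bin/aide"
    chmod +x "$BASE/bin/aide"
fi
make_manifest "$BASE"
check_manifest "$BASE" && echo "manifest OK for $BASE"
```

On each host the workflow is then: mount the stick, `run_aide "$BASE" init` once to produce `db/aide.db.new`, move it to `db/aide.db` on the trusted workstation, and afterwards mount read-only and `run_aide "$BASE" check`. The manifest hashes the media copies only, so a tampered `/usr/bin/aide` on the host is irrelevant; the GPG signature covers the manifest so that someone with write access to the stick cannot simply regenerate it.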
Replies
- Damon Getsman (12.02.2009 21:01)
- C. (13.02.2009 14:21)
- Damon Getsman (13.02.2009 18:35)
