nixCraft Linux Forum

nixCraft

Linux / UNIX Tech Support Forum

OS Hardening - Packages required by a program

This is a discussion on OS Hardening - Packages required by a program within the Networking, Firewalls and Security forums, part of the Mastering Servers category; Hi, I'm in the process of installing a firewall and would like to harden the OS by installing only the ...


Go Back   nixCraft Linux Forum > Mastering Servers > Networking, Firewalls and Security

Linux answers from nixCraft.


Networking, Firewalls and Security No it's not a secret. Talk about firewalls and security issues.

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 11-07-2008, 10:49 AM
Junior Member
User
 
Join Date: Jul 2008
Location: Mother Earth
OS: Fedora Core
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
sherkhan is on a distinguished road
Default OS Hardening - Packages required by a program

Hi,

I'm in the process of installing a firewall and would like to harden the OS by installing only the bare minimum OS packages required for the firewall software to run.

The firewall vendor has not provided any OS hardening document. How do I find out which files (and from that info -> which packages) are required for the firewall to run?

I have set up another (test) system with a full OS install and the firewall installed and am in the process of digging into it.

Any help would be appreciated.
Reply With Quote
  #2 (permalink)  
Old 11-07-2008, 10:57 PM
amitabh's Avatar
Contributors
User
 
Join Date: Jul 2008
Location: New Delhi
OS: FreeBSD
Posts: 99
Thanks: 0
Thanked 4 Times in 3 Posts
Rep Power: 4
amitabh has a spectacular aura about amitabh has a spectacular aura about amitabh has a spectacular aura about
Send a message via MSN to amitabh Send a message via Yahoo to amitabh Send a message via Skype™ to amitabh
Default

which firewall and which distro/os?
Reply With Quote
  #3 (permalink)  
Old 14-07-2008, 09:52 AM
Junior Member
User
 
Join Date: Jul 2008
Location: Mother Earth
OS: Fedora Core
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
sherkhan is on a distinguished road
Default

Checkpoint NGX on Solaris 10 on a Sun 480R box.

I deliberately made the question generic because it could be applied for hardening the OS wrt to any application you wish to install.

Cheers
Reply With Quote
  #4 (permalink)  
Old 14-07-2008, 01:21 PM
amitabh's Avatar
Contributors
User
 
Join Date: Jul 2008
Location: New Delhi
OS: FreeBSD
Posts: 99
Thanks: 0
Thanked 4 Times in 3 Posts
Rep Power: 4
amitabh has a spectacular aura about amitabh has a spectacular aura about amitabh has a spectacular aura about
Send a message via MSN to amitabh Send a message via Yahoo to amitabh Send a message via Skype™ to amitabh
Default

Different distros/os have different approaches towards packages applications.

*BSD and Debian prefer to keep it bare bones, and then you add packages as and when required. This helps you to keep the bare minimum apps necessary on your servers.

Others like Red Hat based distribution have a large set of default apps/packages installed unless you configure it otherwise during install time.

Personally I moved on to *BSD long time back for some very similar reasons. You get a bare bones OS, over which you only install stuffs that are absolutely needed.
Reply With Quote
  #5 (permalink)  
Old 14-07-2008, 11:12 PM
rockdalinux's Avatar
Is that all you got?
User
 
Join Date: May 2005
Location: Planet Vegeta
OS: Redhat
Posts: 708
Thanks: 15
Thanked 19 Times in 18 Posts
Rep Power: 10
rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light
Default

Have you tried SourceForge.net: Bastille-linux / Bastille Unix ? It currently functions on most major Linux distributions as well as Mac OSX and HP-UX. By looking at source code you will get idea about Solaris version.

Few suggestions:
  1. Install required softwares only
  2. Firewall should close all incoming and outgoing traffic, then open required incoming and outgoing ports. Also, run firewall in stateful mode.
  3. Always keep system up to date
  4. Install BSM
  5. Google for "trusted solaris"
Try following for solaris:
__________________
Rocky Jr.
What's wrong? I hope I am not making you uncomfortable...

Never send a boy to do a mans job.
Reply With Quote
Reply

Tags
security , solaris


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads

Thread Thread Starter Forum Replies Last Post
Does SquirrelMail need X packages to run ? satimis Mail Servers 0 25-05-2008 09:00 PM
how to install deb packages raj Getting started tutorials 1 24-03-2008 11:58 PM
Uninstall remove yum packages zafar466 Linux software 5 19-01-2008 09:38 PM
Add and Remove packages utility zafar466 Linux software 1 19-02-2007 02:31 PM
Bittorrent Packages sbhupathireddy Linux software 1 14-11-2006 03:53 PM


All times are GMT +5.5. The time now is 03:35 PM.


Powered by vBulletin® Version 3.8.5 - Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.3.2
©2005-2010 nixCraft. All rights reserved

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38