Results 1 to 5 of 5

Thread: OS Hardening - Packages required by a program

  1. #1
    Junior Member
    Join Date
    Jul 2008
    Location
    Mother Earth
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default OS Hardening - Packages required by a program

    Hi,

    I'm in the process of installing a firewall and would like to harden the OS by installing only the bare minimum OS packages required for the firewall software to run.

    The firewall vendor has not provided any OS hardening document. How do I find out which files (and from that info -> which packages) are required for the firewall to run?

    I have set up another (test) system with a full OS install and the firewall installed and am in the process of digging into it.

    Any help would be appreciated.

  2. #2
    Contributors amitabh's Avatar
    Join Date
    Jul 2008
    Location
    New Delhi
    Posts
    123
    Thanks
    0
    Thanked 5 Times in 4 Posts
    Rep Power
    8

    Default

    which firewall and which distro/os?

  3. #3
    Junior Member
    Join Date
    Jul 2008
    Location
    Mother Earth
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default

    Checkpoint NGX on Solaris 10 on a Sun 480R box.

    I deliberately made the question generic because it could be applied for hardening the OS wrt to any application you wish to install.

    Cheers

  4. #4
    Contributors amitabh's Avatar
    Join Date
    Jul 2008
    Location
    New Delhi
    Posts
    123
    Thanks
    0
    Thanked 5 Times in 4 Posts
    Rep Power
    8

    Default

    Different distros/os have different approaches towards packages applications.

    *BSD and Debian prefer to keep it bare bones, and then you add packages as and when required. This helps you to keep the bare minimum apps necessary on your servers.

    Others like Red Hat based distribution have a large set of default apps/packages installed unless you configure it otherwise during install time.

    Personally I moved on to *BSD long time back for some very similar reasons. You get a bare bones OS, over which you only install stuffs that are absolutely needed.

  5. #5
    Is that all you got? rockdalinux's Avatar
    Join Date
    May 2005
    Location
    Planet Vegeta
    Posts
    987
    Thanks
    27
    Thanked 71 Times in 62 Posts
    Rep Power
    19

    Default

    Have you tried SourceForge.net: Bastille-linux / Bastille Unix ? It currently functions on most major Linux distributions as well as Mac OSX and HP-UX. By looking at source code you will get idea about Solaris version.

    Few suggestions:
    1. Install required softwares only
    2. Firewall should close all incoming and outgoing traffic, then open required incoming and outgoing ports. Also, run firewall in stateful mode.
    3. Always keep system up to date
    4. Install BSM
    5. Google for "trusted solaris"

    Try following for solaris:
    Rocky Jr.
    What's wrong? I hope I am not making you uncomfortable...

    Never send a boy to do a mans job.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Does SquirrelMail need X packages to run ?
    By satimis in forum Mail Servers
    Replies: 0
    Last Post: 25th May 2008, 09:00 PM
  2. how to install deb packages
    By raj in forum Getting started tutorials
    Replies: 1
    Last Post: 24th March 2008, 11:58 PM
  3. Uninstall remove yum packages
    By zafar466 in forum Linux software
    Replies: 5
    Last Post: 19th January 2008, 09:38 PM
  4. Add and Remove packages utility
    By zafar466 in forum Linux software
    Replies: 1
    Last Post: 19th February 2007, 02:31 PM
  5. Bittorrent Packages
    By sbhupathireddy in forum Linux software
    Replies: 1
    Last Post: 14th November 2006, 03:53 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •