[all variants] vulnerability scanner



DBrocks
May 13th, 2008, 08:20 PM
Hey guys,

I am running Hardy SE. I want to secure it, despite the fact that it is Linux. My friend is managing a Gentoo server at our old school. Gentoo has a command to check for security vulnerabilities from the command line, and resolve them. How can I do that? Thanks!

~Dan

pytheas22
May 13th, 2008, 09:19 PM
I don't know of any one-stop command to find and fix security issues, but you could install rkhunter and chkrootkit (both in repositories) to perform rootkit checking. You could also think about OSSEC (http://ossec.net) to monitor the system for suspicious activity, auto-respond to remote attacks and so on.

DBrocks
May 13th, 2008, 09:38 PM
So, can OSSEC be run from CLI?

pytheas22
May 13th, 2008, 09:58 PM
So, can OSSEC be run from CLI?

Yes, in fact it can only be controlled from the command line; there's no GUI. But it's not a utility that you run once to scan for vulnerabilities; it provides services to run constantly and watch for things like changes to system configuration files, failed logon attempts and lots more. Then it can send mail to you about any potential security problems; it can also do stuff like automatically blacklist IP addresses to shut down, for instance, brute-force attacks against sshd. Basically its purpose is to monitor your system all the time and report any activity that could be indicative of a break-in attempt or compromise.

.rdg
May 13th, 2008, 09:58 PM
I'd also recommend rkhunter and chkrootkit. You can also add Lynis to that.

There's also the general rule of securing - keep only what you need (meaning the least services required should be running) and know how to run that (secure as much as possible each of your daemons). In addition to that, make your system firewall tight and it should be a good base start.