Comparing linux distros.

From: Lars Georg Paulsen (maillist_at_braindead.nu)
Date: 02/22/05

  • Next message: Monty Ree: "anyone who saw this arp traffic?"
    To: sec-basic list <security-basics@securityfocus.com>
    Date: Tue, 22 Feb 2005 15:22:24 +0100
    
    

    Hi list.

    I've just started on my bachelor paper. It's about comparing 4 different
    Linux distros (Debian, Slack, Mandrake, Fedora). I'm going to have a
    look at how well the different systems are protected. All distros are
    going to be installed with default settings, so they should almost be at
    the same level. I would like to test how well they are secured
    out-of-the-box,
    both from remote and from the local console.

    What I have set up to now:
    - Port scanning:
            I would like to do a port scan (using nmap),
            mapping services that are running by default on every distro.
            Check if any of the distros have any default settings for logging
            such activities, throughout /var/log/* or anywhere else.
            Also using the -O -v flags for nmap so I can get information about
            TCP sequence prediction and IPID sequence generation.

    - Nessus vuln. test:
            Run a test just to check the results, compared to what I've got from
            nmap.

    - Local file security:
            I've noticed that on some boxes there are special commands, e.g.
            '/bin/ping'. Are there other programs that you would like to check
            privileges on? And what about normal users reading system files,
            configuration settings under /etc/*, any viewpoints?

    The whole point of my bachelor's paper is comparing the 4 distros
    against each other. Bear in mind, this is just a small part of the whole
    bachelor paper, so I don't want to go all the way to the bottom.

    Any suggestions on what you guys think I should include, or drop
    out...

    thanks in advance.

    cheers
    Lg

    -- 
    Lars Georg Paulsen <maillist@braindead.nu>
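
An added example, not part of the original post: one way to collect the local-file-security data described above is to inventory setuid/setgid files and exposed files under /etc on each default install, then compare the reports between distros. The function names, the list of file names treated as sensitive, and the mount point in the comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root against each
# installed distro, or against a mounted copy of its filesystem, e.g.:
#   audit_root /mnt/debian > debian.txt   (mount point is hypothetical)

# List setuid/setgid regular files under ROOT as "suid /path" or "sgid /path".
priv_files() {
    ( cd "$1" || exit 1
      find . -xdev -type f -perm -4000 2>/dev/null | sed 's|^\.|suid |'
      find . -xdev -type f -perm -2000 2>/dev/null | sed 's|^\.|sgid |' )
}

# List files under ROOT/etc that any user can write ("o+w"), and files that
# any user can read ("o+r") among names assumed here to hold secrets.
etc_exposed() {
    ( cd "$1" || exit 1
      [ -d etc ] || exit 0
      find ./etc -xdev -type f -perm -0002 2>/dev/null | sed 's|^\.|o+w |'
      find ./etc -xdev -type f -perm -0004 \
           \( -name shadow -o -name gshadow -o -name sudoers \) 2>/dev/null |
          sed 's|^\.|o+r |' )
}

# Full sorted report for one distro root.
audit_root() {
    { priv_files "$1"; etc_exposed "$1"; } | LC_ALL=C sort
}

# Lines present in report file $1 but not in report file $2.
only_in() {
    LC_ALL=C comm -23 "$1" "$2"
}
```

Running `only_in` in both directions on two saved reports shows which privileged or exposed files one default install has that the other does not.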
    
