Re: Comparing linux distros.

From: Alvin Oga (alvin.sec_at_Virtual.Linux-Consulting.com)
Date: 02/25/05

    To: maillist@braindead.nu (Lars Georg Paulsen)
    Date: Thu, 24 Feb 2005 20:08:55 -0800 (PST)
    
    

    hi ya lars

    > I've just started on my bachelor paper. It's about comparing 4 different

    good project ..

    for repeatability and expandability,

            i'd like to suggest that the "testing process" where possible be
            done by automated scripts AFTER the initial system has been
            installed from the distro cdrom

            - that'd be lots of testing scripts for each "item" you want
            to check for each distro

    > linux distros (debian, slack, mandrake, fedora). I'm going to have a

    i hate to add more work for you, but you should seriously consider
    redhat and suse too .. since those are $3,000 software packages
    ( is it worth the $$$ for it to say "enterprise blah blah" )

    > look at how well the different systems are protected. All distros are
    > going to be installed with default settings, so they should almost be at
    > the same level. I would like to test how well they are secured
    > out-of-the-box.

    very good ... :-) especially with the defaults kernels too ..

    > Both from remote and from local console.

    you might not get the same results if you allow the tests from remote
    (network) install vs a local install from cdrom

    > What I have set up to now;
    > - Port scanning;
    > I would like to do a portscan (using nmap)
    > Mapping services that are running as default on every distro.
    > Check if any of the distros have any default settings for logging
    > such activities, throughout /var/log/* or anywhere else.
    > Also using the -O -v flags for nmap so I can get information about
    > TCP sequence prediction, and IPID sequence generation.

    you'd also want to know that the apache or sendmail or exim or bind
    that is running is an exploitable version ..

            - one typically does not care that port 53, port 25, port 80 is open

    > - Nessus vuln. test;
    > Run a test just to check the results, compared to what I've got from
    > nmap.

    different kinds of test results between nessus and nmap ..

    nessus does a lot more

    > - Local file security;
    > I've noticed that on some boxes there are special commands, e.g.
    > ' /bin/ping '. Are there other programs that you would like to check
    > privileges on? and what about normal users reading system files,
    > configuration settings under /etc/* , any viewpoints?

    just about every distro has their default settings for the beginners
    and NOT very secure

    the default installs also have "online updates" that they allow
    when it's first installed
            - is an online update considered "out-of-the-box" install ??

            i say it is, since it's one of the very first things you
            should be REQUIRED to do ... before using it
            ( and even slackware has online patches )

    > The whole point of my bachelor's paper is comparing the 4 distros up
    > against each other. Bear in mind, this is just a small part of the whole
    > bachelor paper, so I don't want to go all the way to the bottom.

    what is the resulting comparison supposed to show ???

            - that redhat's kernels are hackable ??

            - that debian's default install is a modified version
            compared to the same app installed on other distro ?

            - ease of installation and patches ??

            - time to install ??

            - how ez it would be to hack into the default config ??

            - how ez it is to ddos the default server into useless continuum ??

    > Any suggestions? on what do you guys think I should include?, or drop
    > out...
     
    i'd drop mandrake ... as it's NOT in the list of "distros" that
    people/corps are willing to pay $$$ for it being installed and shipped
    to the corp or individual clients

            - we also spend a day to tweak the "security" of the servers
            if they are wanting a "clean hardened" server vs generic
            5min cdrom install

    c ya
    alvin
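
The scripted, repeatable check suggested in this message, applied to the "local file security" item, as an added example that is not part of the original thread. The function names, the class labels and the short list of sensitive files under /etc are assumptions; it relies on GNU find, which all the distros discussed ship.

```sh
#!/bin/sh
# Added example: permission baseline for one freshly installed system.

# audit_tree ROOT
# Prints one sorted "CLASS<TAB>MODE<TAB>PATH" line per finding. PATH is relative
# to ROOT, so reports taken on different installs can be compared line by line.
audit_tree() {
    root=$1
    {
        # setuid/setgid programs, e.g. /bin/ping
        find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -printf 'SUID_SGID\t%m\t%P\n' || :
        # files any local user can modify
        find "$root" -xdev -type f -perm -0002 \
            -printf 'WORLD_WRITABLE_FILE\t%m\t%P\n' || :
        # world-writable directories without the sticky bit
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
            -printf 'WORLD_WRITABLE_DIR_NO_STICKY\t%m\t%P\n' || :
        # secrets under /etc that ordinary users can read (name list is an assumption)
        find "$root/etc" -xdev -type f -perm -0004 \
            \( -name 'shadow*' -o -name 'gshadow*' -o -name 'ssh_host_*_key' \) \
            -printf 'SENSITIVE_WORLD_READABLE\t%m\tetc/%P\n' || :
    } 2>/dev/null | LC_ALL=C sort
}

# only_in REPORT_A REPORT_B
# Findings present on install A but not on install B (both from audit_tree).
only_in() {
    LC_ALL=C comm -23 "$1" "$2"
}

# Usage: sh audit.sh / > debian.baseline   (run as root on each fresh install)
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Because of `-xdev`, only the filesystem holding ROOT is scanned; run it once per mount point if the default install splits /usr or /var onto separate partitions.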

