RedHat Linux gurus; need help

Old Mar 10, 2004 | 03:49 PM
  #1  
zeroday's Avatar
Thread Starter
Race Director
 
Joined: Dec 2001
Posts: 17,921
Likes: 15
RedHat Linux gurus; need help

while i'm getting better, i'm still a newb at linux :o ...I need to secure a RedHat 3 Enterprise server that will be running an oracle 9i database. are there any good security lockdown guides available for both the OS and Oracle? I considered using Bastille but it doesn't seem to support redhat 3... most of the lockdown guides I find for RedHat are old...for version 6/7/8...

any help would be HUGELY appreciated...

thanks
Reply
Old Mar 10, 2004 | 06:28 PM
  #2  
anothercls's Avatar
Suzuka Master
 
Joined: Dec 2003
Posts: 7,103
Likes: 1
I posed the question to a security guy in Reading. He should come back with some suggestions.

You should be able to turn off any unused services/ports on that.
Reply
Old Mar 11, 2004 | 09:55 AM
  #3  
zeroday's Avatar
Thread Starter
Race Director
 
Joined: Dec 2001
Posts: 17,921
Likes: 15
Originally posted by anothercls
I posed the question to a security guy in Reading. He should come back with some suggestions.

You should be able to turn off any unused services/ports on that.
thanks!
Reply
Old Mar 11, 2004 | 10:02 AM
  #4  
SiGGy's Avatar
Moderator Alumnus
 
Joined: Dec 2001
Posts: 9,263
Likes: 2
From: Lenexa, KS
Lots of things. Turn off NFS, RPC, Sendmail, Anaconda, NetFS. There's probably 10-15 things you can shut off... easy.


What run level are you? Do an ls -la in your rcX.d and I can tell you

(some of it depends on what you installed) send it to me in a PM if you like.
Reply
Old Mar 11, 2004 | 11:22 AM
  #5  
zeroday's Avatar
Thread Starter
Race Director
 
Joined: Dec 2001
Posts: 17,921
Likes: 15
Sig, I actually haven't had the chance to even log into this server yet. It's in a secured computing area on an isolated vlan. I've been tasked with coming up with a lockdown script/plan and was looking for an end to end document that covered industry best practice lockdown steps. Something similar to what's found on the NSA's website for OS's and applications...although they don't have Linux docs, and their oracle 9i doc. is for windows 2000.
Reply
Old Mar 11, 2004 | 11:23 AM
  #6  
zeroday's Avatar
Thread Starter
Race Director
 
Joined: Dec 2001
Posts: 17,921
Likes: 15
i'm guessing i'll be runlevel 5 when working on this thing btw. you know us windows guys we like our GUI's.
Reply
Old Mar 11, 2004 | 11:29 AM
  #7  
vtec_types's Avatar
Never Forget
 
Joined: May 2003
Posts: 133
Likes: 0
From: NY
depending on how locked down you want to get, tcp wrappers will help to secure access to network services that you have to run
Reply
Old Mar 11, 2004 | 11:32 AM
  #8  
wipe0ut's Avatar
visit me
 
Joined: Feb 2004
Posts: 2,804
Likes: 0
From: New York
these tools are pretty good for checking out a machine and seeing what is running/accessible. they also match what is running with what known exploits are out there. pretty good stuff.

http://www.eeye.com/html/Products/Retina/

http://www.gfi.com/lannetscan/
Reply
Old Mar 11, 2004 | 12:23 PM
  #9  
zeroday's Avatar
Thread Starter
Race Director
 
Joined: Dec 2001
Posts: 17,921
Likes: 15
thanks for the replies.

well, we already have many vulnerability scanners at our disposal..so no need for that....as for tcp wrappers etc, that's great, but i need to have a complete step by step, end to end server hardening document not only for me but for our auditors...these documents tend to be fairly long....at least for windows. basically i can't just tell our auditors i disabled this/that/the other...i need to obtain a guide from a fairly reputable source...or create one on my own using a combination of industry best practice guides.
Reply
Old Mar 11, 2004 | 12:40 PM
  #10  
vtec_types's Avatar
Never Forget
 
Joined: May 2003
Posts: 133
Likes: 0
From: NY
if you're looking for docs on best practices, check the following:


http://www.cert.org/security-improvement/
http://www.nsa.gov/snac/downloads_al...nuID=scg10.3.1
Reply
Old Mar 11, 2004 | 12:49 PM
  #11  
zeroday's Avatar
Thread Starter
Race Director
 
Joined: Dec 2001
Posts: 17,921
Likes: 15
Originally posted by vtec_types
if you're looking for docs on best practices, check the following:


http://www.cert.org/security-improvement/
http://www.nsa.gov/snac/downloads_al...nuID=scg10.3.1
thanks but i had actually already checked both of those and no linux guides to be found. I think i'm just going to order a book off amazon.com...any recommendations?
Reply
Old Mar 11, 2004 | 12:53 PM
  #12  
SiGGy's Avatar
Moderator Alumnus
 
Joined: Dec 2001
Posts: 9,263
Likes: 2
From: Lenexa, KS
Originally posted by zeroday
thanks but i had actually already checked both of those and no linux guides to be found. I think i'm just going to order a book off amazon.com...any recommendations?
Hmm, not sure of any good books on it...

There's a lot of different aspects of security.... physical, software, OS, good security practices. I doubt there's one book with all the info you need. But it might be a good road to start down.

If you ever do get into the box, I can tell you what to turn off and why (regards to my post above)

Really, without knowing what's running specifically it's hard to say what to shut off.

And a lot of good practices to follow...

also add a "lsof -i" output along with a directory listing in your rc5.d
Reply
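The rcX.d check discussed in posts #4 and #12, as an added example that is not part of any post in this thread: a POSIX shell sketch that lists the services a runlevel directory starts and flags the ones worth reviewing. The `REVIEW_LIST` init-script names and the sample directory are assumptions constructed for illustration, not taken from the poster's server.

```shell
#!/bin/sh
# Added example: audit which SysV init services a runlevel starts.
# REVIEW_LIST is an assumption: init-script names corresponding to the
# NFS, RPC, NetFS and Sendmail services mentioned in the thread.
REVIEW_LIST="nfs nfslock netfs portmap sendmail"

# enabled_services DIR: print the name of every service started in DIR.
# Start links are named S<2-digit priority><name>; K* links stop a service.
enabled_services() {
    dir=$1
    for link in "$dir"/S[0-9][0-9]*; do
        # Skip the unexpanded pattern when nothing matches.
        [ -e "$link" ] || [ -L "$link" ] || continue
        base=${link##*/}
        printf '%s\n' "${base#S[0-9][0-9]}"
    done | sort
}

# flag_for_review DIR: print enabled services that appear on REVIEW_LIST.
flag_for_review() {
    enabled_services "$1" | while read -r svc; do
        for cand in $REVIEW_LIST; do
            if [ "$svc" = "$cand" ]; then
                printf '%s\n' "$svc"
            fi
        done
    done
}

# make_sample_rc DIR: build a constructed rc5.d layout for offline testing.
make_sample_rc() {
    mkdir -p "$1"
    for l in S10network S12syslog S13portmap S25netfs S55sshd \
             S60nfs S80sendmail K20nfslock K50xinetd; do
        : > "$1/$l"
    done
}

# Stand-alone use: pass a runlevel directory, e.g. /etc/rc.d/rc5.d
if [ $# -gt 0 ]; then
    flag_for_review "$1"
fi
```

Saving the output alongside the `lsof -i` listing gives a before/after record of what was enabled, which is the kind of evidence an auditor will ask for.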
Old Mar 11, 2004 | 01:07 PM
  #13  
zeroday's Avatar
Thread Starter
Race Director
 
Joined: Dec 2001
Posts: 17,921
Likes: 15
Originally posted by SiGGy
Hmm, not sure of any good books on it...

There's a lot of different aspects of security.... physical, software, OS, good security practices. I doubt there's one book with all the info you need. But it might be a good road to start down.

If you ever do get into the box, I can tell you what to turn off and why (regards to my post above)

Really, without knowing what's running specifically it's hard to say what to shut off.

And a lot of good practices to follow...

also add a "lsof -i" output along with a directory listing in your rc5.d
i've found a few 'Securing Linux' type books and they seem to be pretty comprehensive from their reviews...as for non-platform specific security stuff...physical...etc.. heheh I got that covered...i'm a network security engineer for the federal reserve dude...cmon now i'm not THAT lame...we just recently added linux to our environment
Reply
All times are GMT -5.