Ok, how about this: go to http://debianhardened.sourceforge.net/ and read all the documentation they have (hint: there isn't any), then go to http://hardened.gentoo.org and read all the docs we've put there and notice that, indeed, there is a difference and one would gain a higher understanding of security.
Ok, slashdotting via ssh is a Bad Thing; the machine is essentially at a standstill. Calm down a bit and try later, or there are also other demo machines for Debian and Fedora here:
http://www.coker.com.au/selinux/play.html
Thanks :)
A lot of my Gentoo-specific comments were taken out of the article, so I'll provide them below:
MACs are only the enforcement part; auditing is also very important and sadly something lacking in LSM. We are looking into different auditing schemes to complement SELinux.
Recently we have completely integrated PaX memory protections into the SELinux policy. Unfortunately Red Hat's Ingo wrote Exec Shield, which he admits provides less protection, so most of the SELinux camp is not interested in the work we are doing in this area.
We also provide much tighter policies by default, whereas Red Hat/Fedora has chosen to make the user domains much less restrictive and 'user-friendly'. This isn't in line with the goals we've cited on our page http://hardened.gentoo.org. While user friendliness is important, taking restrictions away from domains inevitably loosens security.
Ah, and I forgot to mention that patch.asp and stinger.asp have instructions and links to the patch and to Stinger to remove the worm, both mirrored on campus for those computers which are unable to go to Windows Update (it also does OS detection to offer the correct patch).
The EXACT same thing happened here at our school; as an added problem, our dorm access control system (on the doors) was on the same network and therefore flooded with the ARP requests from Nachi/Welchia worms (tens of thousands of ARP broadcasts per second). Practically everyone at school uses our school portal my.snu.edu (there is a demo if anyone is interested), so we made the login page redirect to a PHP script on a Linux box which would detect both the vulnerability and the infection. The infection can be detected by looking for a responsive TFTP port; here is the script:
http://web.snu.edu/~jbrindle/scan.phps
The source code for the RPC-DCOM checker is at http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-08/0038.html
Hope this helps!
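The responsive-TFTP-port check described in the comment above, written out as an added example; this is not the commenter's scan.phps script (which is PHP and is not reproduced here). The probe sends one TFTP read request for a file name that should not exist and treats any well-formed DATA or ERROR reply as evidence that a TFTP service is listening. The fake daemon, the probe file name, and the helper names are constructed for this example. From a defender's point of view the result is an indicator, not proof: a workstation that answers on UDP 69 when nothing on it should be serving TFTP is a host to pull aside and inspect, while a legitimately deployed TFTP server answers the same way.

```python
"""Indicator check: does a host answer TFTP on UDP 69? (constructed example)"""
import socket
import struct
import threading

TFTP_PORT = 69                        # standard TFTP port (RFC 1350)
OP_RRQ, OP_DATA, OP_ERROR = 1, 3, 5   # the three opcodes this probe deals with


def build_rrq(filename: str, mode: str = "octet") -> bytes:
    """Build a TFTP read request: opcode 1, filename, NUL, mode, NUL."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def classify_reply(data: bytes) -> str:
    """Map a datagram to 'data', 'error' or 'other'.
    Both 'data' and 'error' mean a TFTP server parsed our request, i.e. the port is live."""
    if len(data) < 4:
        return "other"
    opcode = struct.unpack("!H", data[:2])[0]
    if opcode == OP_DATA:
        return "data"
    if opcode == OP_ERROR:
        return "error"
    return "other"


def probe_tftp(host: str, port: int = TFTP_PORT, timeout: float = 2.0) -> bool:
    """Send one RRQ for a file that should not exist and report whether any
    well-formed TFTP reply comes back within the timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        # Constructed file name: a real server answers ERROR 1 (file not found).
        sock.sendto(build_rrq("probe-does-not-exist.bin"), (host, port))
        data, _ = sock.recvfrom(516)  # largest TFTP packet: 4-byte header + 512 bytes
    except (socket.timeout, OSError):
        return False                  # silence or unreachable: no TFTP service seen
    finally:
        sock.close()
    return classify_reply(data) != "other"


def fake_tftp_server(sock: socket.socket) -> None:
    """Constructed stand-in for a TFTP daemon: answers one RRQ with ERROR 1."""
    try:
        data, peer = sock.recvfrom(516)
    except OSError:
        return
    if len(data) >= 2 and struct.unpack("!H", data[:2])[0] == OP_RRQ:
        reply = struct.pack("!HH", OP_ERROR, 1) + b"File not found\0"
        sock.sendto(reply, peer)


def start_fake_server():
    """Bind the fake daemon on 127.0.0.1 (ephemeral port); returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(5.0)
    threading.Thread(target=fake_tftp_server, args=(srv,), daemon=True).start()
    return srv, srv.getsockname()[1]


def demo() -> dict:
    """Probe the fake daemon (expected: responds) and an unbound port (expected: silent)."""
    srv, live_port = start_fake_server()
    live = probe_tftp("127.0.0.1", live_port)
    # Find a port with no listener by binding and releasing a throwaway socket.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    dead_port = tmp.getsockname()[1]
    tmp.close()
    silent = probe_tftp("127.0.0.1", dead_port, timeout=1.0)
    srv.close()
    return {"live_responds": live, "silent_responds": silent}


if __name__ == "__main__":
    print(demo())  # expected: {'live_responds': True, 'silent_responds': False}
```

In use, probe_tftp would be called with the client's address from the login page handler, as the comment describes, and the result logged alongside the address and timestamp so the helpdesk has a list of hosts to check; the on-page RPC-DCOM vulnerability check is a separate test and is not part of this example.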