Fwd: Certifying a RedHat Install

From: Jim Horwath (jim.horwathrcn.com)
Date: Wed Jul 14 2004 - 16:22:03 CDT


Abe,

You could try a few things:

- Harden the box without being connected to a network

- Install and run tripwire before the machine is connected
to the network. Store the database on read-only media. Run
tripwire on a regular basis once the system is connected
back to the network.

- Run the CIS Security benchmark tool against the system;
this will display a security rating based on standard
criteria.

- Run an nmap scan against the system

- Run a full blown NESSUS scan against the system. NESSUS
will also include nmap as part of the scan.

- Run the latest rootkit check.

- Document your installation procedure so you can prove your
methodology.

- List all installed packages

Regards,
Jim

---- Original message ----
>Date: Wed, 14 Jul 2004 10:37:48 -0700
>From: abe <abeabeowitz.com>
>Subject: Certifying a RedHat Install
>To: focus-linuxsecurityfocus.com
>
>My client wants me to certify there are no back doors in the RedHat 9
>server we are going to deliver. It's a base RH9 install with a few
>extra RPMs, like Guarddog.
>
>Question is what's the best way for us to certify this?
>* rpm -Va ?
>* A global md5 on each file?
>
>Also, what's the best way to minimize liability if they are hacked? I
>don't want to get sued because they were negligent.
>
>Thanks,
>
>Abe
>
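The baseline-then-recheck idea behind the tripwire suggestion and the "global md5 on each file" question, as an added example that is not part of either poster's message. It assumes GNU find, sort, xargs and sha256sum, uses SHA-256 in place of MD5, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: hash-manifest baseline and re-check (GNU find/sort/xargs/sha256sum).
# Function names are hypothetical. Keep MANIFEST outside ROOT, on read-only media.

# hash_tree ROOT: print "<sha256>  ./path" for every regular file, in stable order.
hash_tree() {
    ( cd "$1" && find . -xdev -type f -print0 |
        LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# make_baseline ROOT MANIFEST: record the known-good state (run before networking).
make_baseline() {
    hash_tree "$1" > "$2"
}

# verify_baseline ROOT MANIFEST: report drift; returns 0 if clean, 1 if not.
# Unlike "sha256sum -c", this also reports files that did not exist at baseline.
verify_baseline() {
    report=$(hash_tree "$1" | awk '
        # sha256sum lines: 64 hex chars, two separator chars, then the path.
        FILENAME == ARGV[1] { old[substr($0, 67)] = substr($0, 1, 64); next }
        {
            p = substr($0, 67); seen[p] = 1
            if (!(p in old))                      print "ADDED " p
            else if (old[p] != substr($0, 1, 64)) print "CHANGED " p
        }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }
    ' "$2" - | LC_ALL=C sort)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# CLI: script baseline ROOT MANIFEST | script verify ROOT MANIFEST
case "${1:-}" in
    baseline) make_baseline "$2" "$3" ;;
    verify)   verify_baseline "$2" "$3" ;;
esac
```

A clean verify run only shows that the tree still matches the manifest, so the result is only as trustworthy as the state of the system when the baseline was taken and the integrity of the stored manifest.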