[Standard Toaster]

Hey,

Was just looking to see if anyone has any hardening scripts for the likes of Red Hat-CentOS 5->6 and Solaris 9->11?

I've a number of servers to harden and would like to automate it if possible. These would be mainly web servers.

I have a generic script based on CIS_Redhat_Linux_5_Benchmark_v2.0.0 for RH to harden the box which I'll post up later.

Any input?

[Saganist]

For Solaris google SUNWjass.

Its a hardening package that should do the business.

[Standard Toaster]

Cheers for that, will have a sniff of it tomorrow.

[madhatter76]

Bumping this again.

for RHEL there are several scripts from https://fedorahosted.org/aqueduct/. But they seems to be outdated and not updated anymore.

Could you post or send or give tghe link please the one you have for CIS_Redhat_Linux_5_Benchmark_v2.0.0 which is the latest?

[croo]

Quote:

Originally Posted by Standard Toaster

Hey,

Was just looking to see if anyone has any hardening scripts for the likes of Red Hat-CentOS 5->6 and Solaris 9->11?

I've a number of servers to harden and would like to automate it if possible. These would be mainly web servers.

I have a generic script based on CIS_Redhat_Linux_5_Benchmark_v2.0.0 for RH to harden the box which I'll post up later.

Any input?

I haven't tried it in many years but I used to run Bastille on my debian servers way back to harden them.

A little googling tells me you can run it on redhat too
http://bastille-linux.sourceforge.ne...astille_on.htm

I assume you enabled SELinux on the install.

[syklops]

If you didn't already, read the hardening guide from the NSA:
http://www.nsa.gov/ia/_files/os/redh...guide-i731.pdf

Its for RHEL 5 but most things should work for RHEL 6. There are many commands mentioned, so just put them together into a script(each command on a new line).

[Ant]

Quote:

Originally Posted by syklops

If you didn't already, read the hardening guide from the NSA:
http://www.nsa.gov/ia/_files/os/redh...guide-i731.pdf

Its for RHEL 5 but most things should work for RHEL 6. There are many commands mentioned, so just put them together into a script(each command on a new line).

That's a great document. It gives just the right amount of explanatory information for the likes of me who doesn't want to just run some hardening script without knowing exactly what it's doing. A while back, I was helping another friend with a CentOS system and it took me a while to figure out what all those default services were doing. This would have been very useful at the time.

Unfortunately, I'm currently an Ubuntu user so it'll take extra time to transfer the instructions in this guide to an Ubuntu system.

[syklops]

Quote:

Originally Posted by Ant

That's a great document. It gives just the right amount of explanatory information for the likes of me who doesn't want to just run some hardening script without knowing exactly what it's doing. A while back, I was helping another friend with a CentOS system and it took me a while to figure out what all those default services were doing. This would have been very useful at the time.

Unfortunately, I'm currently an Ubuntu user so it'll take extra time to transfer the instructions in this guide to an Ubuntu system.

I started work on a new version for RHEL 6, but my circumstances have changed a little and need to dive into OpenVMS(which is about as open as I am a lobster), so if you need any further help let me know.