Hardening scripts

Standard Toaster

Hey,

Was just looking to see if anyone has any hardening scripts for the likes of Red Hat-CentOS 5->6 and Solaris 9->11?

I've a number of servers to harden and would like to automate it if possible. These would be mainly web servers.

I have a generic script based on CIS_Redhat_Linux_5_Benchmark_v2.0.0 for RH to harden the box which I'll post up later.

Any input?

Saganist

For Solaris google SUNWjass.

Its a hardening package that should do the business.

Standard Toaster

Cheers for that, will have a sniff of it tomorrow.

madhatter76

Bumping this again.

for RHEL there are several scripts from https://fedorahosted.org/aqueduct/. But they seems to be outdated and not updated anymore.

Could you post or send or give tghe link please the one you have for CIS_Redhat_Linux_5_Benchmark_v2.0.0 which is the latest?

croo

Standard Toaster wrote: »

Hey,

Was just looking to see if anyone has any hardening scripts for the likes of Red Hat-CentOS 5->6 and Solaris 9->11?

I've a number of servers to harden and would like to automate it if possible. These would be mainly web servers.

I have a generic script based on CIS_Redhat_Linux_5_Benchmark_v2.0.0 for RH to harden the box which I'll post up later.

Any input?

I haven't tried it in many years but I used to run Bastille on my debian servers way back to harden them.

A little googling tells me you can run it on redhat too
http://bastille-linux.sourceforge.net/running_bastille_on.htm

I assume you enabled SELinux on the install.

syklops

If you didn't already, read the hardening guide from the NSA:
www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

Its for RHEL 5 but most things should work for RHEL 6. There are many commands mentioned, so just put them together into a script(each command on a new line).

Ant

syklops wrote: »

If you didn't already, read the hardening guide from the NSA:
www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

Its for RHEL 5 but most things should work for RHEL 6. There are many commands mentioned, so just put them together into a script(each command on a new line).

That's a great document. It gives just the right amount of explanatory information for the likes of me who doesn't want to just run some hardening script without knowing exactly what it's doing. A while back, I was helping another friend with a CentOS system and it took me a while to figure out what all those default services were doing. This would have been very useful at the time.

Unfortunately, I'm currently an Ubuntu user so it'll take extra time to transfer the instructions in this guide to an Ubuntu system.

syklops

Ant wrote: »

That's a great document. It gives just the right amount of explanatory information for the likes of me who doesn't want to just run some hardening script without knowing exactly what it's doing. A while back, I was helping another friend with a CentOS system and it took me a while to figure out what all those default services were doing. This would have been very useful at the time.

Unfortunately, I'm currently an Ubuntu user so it'll take extra time to transfer the instructions in this guide to an Ubuntu system.

I started work on a new version for RHEL 6, but my circumstances have changed a little and need to dive into OpenVMS(which is about as open as I am a lobster), so if you need any further help let me know.