FREE Fedora Server Security Audit by Fedora Forum Staffs



ewdi
6th August 2004, 10:30 PM
FREE Fedora Server Security Audit by Fedora Forum Staffs

FedoraForum.org staff have taken up their free time to help you audit your server security.

This free help is available on servers running Fedora Linux only (C1 & C2).
We will give you a report of security issues (if any).

You don't have to give us access to your server, just the IP address.

This volunteer work will last throughout this week and next week.
To apply please send email with your IP address to admin@NOSPAMfedoraforum.org or admin@NOSPAMlinux.io (REMOVE NOSPAM)
Thank You.

About : Fedora Forum is the premier support forum for Fedora Linux.
URL : http://www.fedoraforum.org

rkl
7th August 2004, 01:24 AM
I think offering to "audit your server security" and then not either telling us what the audit entails or what software you'll be using doesn't make me want to rush to take up your kind offer :)

I was ironically looking at nessus (http://www.nessus.org/) today to possibly run this on our work network periodically via cron to test the security of all the (heterogenous) machines we have attached (both inside and outside the hardware firewalls we have in place).

The problem is that you can test your company's network security yourself via nessus, but no-one you're trying to impress (e.g. for contract bids) will believe you and you end up having to pay thousands to a third-party security testing company, who probably either just run nessus and produce a pretty report or possibly run an inferior tool to nessus.

Still, nessus is handy even then - you run it, sort out any problems, run it again, get a clean bill of health from nessus and *then* bring in the expensive external testers - they should find a pretty clean system and give you a good security rating and, just as important, they'll probably only need one run (cos you probably pay per test run) to give you that good rating.

Oh, why isn't nessus shipped with Fedora Core 2? It's a very useful security tool and is GPL'ed. I can't understand its omission at all...

ewdi
7th August 2004, 01:32 AM
hand scanning, port scanning and more, some home made scanning application that mimic retina. After we do this scanning we will send you the report of the scanning, it will scan your daemon version to match with certain vulnerabilities lists and list them based on priority on the flaw.

ats-tech
7th August 2004, 03:05 AM
I agree, tell us exactly what you are going to do, then maybe... otherwise I'll wait for the blackhats.

ewdi
7th August 2004, 03:07 AM
I just posted it above, scan for application version and match it with vulnerabilities lists on each version if any.

ats-tech
7th August 2004, 03:10 AM
hand scanning, port scanning and more, some home made scanning application that mimic retina.

That's not specific. Idno. I love the forums and what you guys have done with the place, but still tentative to say "scan me" and report back. Good thought, I hope people take you up on it as it would probably do a lot of good. As for me, I'll stick with nessus and scan myself.

superbnerd
7th August 2004, 03:57 AM
At least people are paranoid, and not just blindly inviting people to find vulnerabilities in their servers. With users like this, Linux may remain as secure as it is even after 20% market share. Keep up the paranoia fedoraforum and remember your tin foil hats.

ats-tech
7th August 2004, 04:09 AM
Tinfoil hats huh... you think there's trolls around here?

superbnerd
7th August 2004, 04:13 AM
I am sure some of this crowd is from slashdot, right?

ats-tech
7th August 2004, 04:25 AM
I would think there would be a few people here that visit slashdot on a regular basis. =)

flea
11th August 2004, 02:02 AM
iptables policy DROP. :D

Picomp314
12th August 2004, 09:17 PM
No no no, you have it all wrong, the tin foil is to prevent the aliens (Microsoft) from reading our minds, and designing a decent piece of software.
I scan myself quite often, I'd rather do it myself.