Jump to content
Can't remember your login details? Read more... ×
Sign in to follow this  
Xen

Anyone know of some decent system hardening / baseline scanning tools

Recommended Posts

As per subject, does anyone know of any decent automated system hardening tools for Linux (RHEL / SLES / Debian) and Windows (Server 2008) that are preferably free?

 

I'd like to see if anything picks up things that I've missed on my server configurations but everything seems to cost a fortune or to not have been updated for years.

 

Tripwires security cheq seems decent but I'm a tight ass that relies on FOSS software.

 

It looks like Bastille hasn't been updated for a while either which is unfortunate as it ran a nice check list of some basic things that were easy to miss at times.

Share this post


Link to post
Share on other sites

Not aware of any automated tools for FOSS unless you count metasploit or NMAP to create something. For windows you can use the ms security compliance manager. I've found that pretty useful when building a hardened OS based on the CIS Benchmarks. Even just looking at that website they have a free trial to their CIS Configuration assesment tool. Not sure whats involved in registering for that but you can get the PDF benchmarks with just an email address and build something yourself.

 

PS that ms tool has its own baseline recommendations based on what type of environment you are in too.

Edited by coolbreeze

Share this post


Link to post
Share on other sites

Not aware of any automated tools for FOSS unless you count metasploit or NMAP to create something. For windows you can use the ms security compliance manager. I've found that pretty useful when building a hardened OS based on the CIS Benchmarks. Even just looking at that website they have a free trial to their CIS Configuration assesment tool. Not sure whats involved in registering for that but you can get the PDF benchmarks with just an email address and build something yourself.

 

PS that ms tool has its own baseline recommendations based on what type of environment you are in too.

Thanks ill have a look.

Share this post


Link to post
Share on other sites

If its not built into BACKTRACK os, I don't know about it.

 

But if you haven't heard of backtrack; welcome.

Backtrack is more of scanning / exploiting (And it's Kali Linux now).

 

I actually keep a laptop at work loaded up with it.

 

I was more looking for tools similar to the way Bastille Linux worked, just sort of catch anything i hadn't noticed.

Share this post


Link to post
Share on other sites

hadnt heard of that one before.... looks bloody cool!

Any reasn you're not using Bastille? it looks like you could compile it on whatever server you need.

Share this post


Link to post
Share on other sites

hadnt heard of that one before.... looks bloody cool!

Any reasn you're not using Bastille? it looks like you could compile it on whatever server you need.

It's pretty outdated now and doesn't work on our servers with out some annoyance getting it to work.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×