Fedora Linux Support Community & Resources Center
  #1  
Old 20th October 2011, 02:07 PM
birdwatcher
Guest
 
Posts: n/a
linuxfirefox
I'm thinking about making a "secure your Fedora" script

The thing with Fedora is the same as with Ubuntu. Its a safe OS but has a lot of bloat and security hassards running by default, its optimised for usability and not as much for security.

So my Idea was to make a simple script somehow that asks the users questions and configure Fedora based on their needs and according to NSA guidlines + the fedora security manual and of course what the user need.

Instead of what the user may need. Note however that I plan on having it ONLY make changes that the user wishes for, but the program should guide the users to what changes could be a good idea to make.

The idea is to have questions like: Will you be using IPv6? If not the program disable it all togheter, if yes the program pops up a lot of options (text based) and helps the user to take action and configure the protocoll more securley (if they wish, or they move to the next thing..).

And possible also have this program run a security check to see how well the system is configured according to these guidelines. The thing here is that I wasn't planning on using anything graphical, just a simple "Y/N" questions and "cat", "cd", "rm" etc basic commands and stuff of that nature, the script will be acessing and altering a lot of files, however what would you guys reccomend that I use to make this happen?

Also is there any stuff of this nature out there?

And whats your thoughts on a small "project" like this? Will it come to any use?
Reply With Quote
  #2  
Old 20th October 2011, 02:15 PM
jpollard Online
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,816
linuxfedorafirefox
Re: I'm thinking about making a "secure your Fedora" script

By the time you research all the alternatives, things will have changed...

But you would have a document that would be VERY helpful.
Reply With Quote
  #3  
Old 20th October 2011, 02:35 PM
birdwatcher
Guest
 
Posts: n/a
linuxfirefox
Re: I'm thinking about making a "secure your Fedora" script

Quote:
Originally Posted by jpollard View Post
By the time you research all the alternatives, things will have changed...

But you would have a document that would be VERY helpful.
I understand that it may not have all the alternatives (tweaks) offered at all the given time but at least most of the suggested (important changes) should be possible to set with my program.

Covering a few security hassards is better than covering nothing is my motto. I won't be presenting anything new except making the process of making most of the documentated security changes a bit more automatic.

It will be for people that enjoy tweaking or just want a higher security setting but are too lazy to read manuals and manually change all the things. Ofc it won't have all the possible tweaks in the world, but hopefully the basics from NSA (that apply to Fedora) is a good start. I plan on covering the standard setup basically. Meaning the programms that comes with a fresh installation.

Now I need some suggestions as to what I should use to make this happen. I have a lot of experience coding stuff in PHP/ajax and databases, but not so much in coding native applications.
I really hope I can make the "program" ready for the Fedora 16 release, tho I understand that my expetations may be unrealistic. Lol.

Last edited by birdwatcher; 20th October 2011 at 02:41 PM.
Reply With Quote
  #4  
Old 20th October 2011, 06:32 PM
beaker_ Offline
Registered User
 
Join Date: Nov 2008
Location: Canada
Posts: 2,365
windows_7firefox
Re: I'm thinking about making a "secure your Fedora" script

Quote:
I understand that it may not have all the alternatives (tweaks) offered at all the given time but at least most of the suggested (important changes) should be possible to set with my program.

Covering a few security hassards is better than covering nothing is my motto. I won't be presenting anything new except making the process of making most of the documentated security changes a bit more automatic.

It will be for people that enjoy tweaking or just want a higher security setting but are too lazy to read manuals and manually change all the things. Ofc it won't have all the possible tweaks in the world, but hopefully the basics from NSA (that apply to Fedora) is a good start. I plan on covering the standard setup basically. Meaning the programms that comes with a fresh installation.

Now I need some suggestions as to what I should use to make this happen. I have a lot of experience coding stuff in PHP/ajax and databases, but not so much in coding native applications.
I really hope I can make the "program" ready for the Fedora 16 release, tho I understand that my expetations may be unrealistic. Lol.

The most vulnerable system is one you don't understand. Those systems will always have or suffer from ID10T and between keyboard & chair failures. But +1 for it being a very good document.
Reply With Quote
  #5  
Old 20th October 2011, 08:47 PM
birdwatcher
Guest
 
Posts: n/a
unknownunknown
Re: I'm thinking about making a "secure your Fedora" script

Quote:
Originally Posted by beaker_ View Post
The most vulnerable system is one you don't understand. Those systems will always have or suffer from ID10T and between keyboard & chair failures. But +1 for it being a very good document.
Ok, do you have any suggestions for a good language to use when I attempt to make this "project"? I would appriciate a language that can do this but also with a learning curve that isn't too high.
Reply With Quote
  #6  
Old 20th October 2011, 09:39 PM
jpollard Online
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,816
linuxfedorafirefox
Re: I'm thinking about making a "secure your Fedora" script

I would suggest starting with English.

Document what you want to do - finding the appropriate implementation language should be relatively easy once you know how complex the solutions will need to be. Initial guess would be python, as it is easily tested, has GUI capability, and can perform rather complex tasks that are awkward to do in other scripting languages.
Reply With Quote
  #7  
Old 21st October 2011, 12:54 AM
birdwatcher
Guest
 
Posts: n/a
unknownunknown
Re: I'm thinking about making a "secure your Fedora" script

Quote:
Originally Posted by jpollard View Post
I would suggest starting with English.
I know my spelling isn't perfect tho I do my best to become better.

Quote:
Originally Posted by jpollard View Post
Document what you want to do - finding the appropriate implementation language should be relatively easy once you know how complex the solutions will need to be. Initial guess would be python, as it is easily tested, has GUI capability, and can perform rather complex tasks that are awkward to do in other scripting languages.
Can you reccomend a pyton package that works with Fedora and also has a GUI? : )
Reply With Quote
  #8  
Old 21st October 2011, 01:47 AM
jpollard Online
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,816
linuxfedorafirefox
Re: I'm thinking about making a "secure your Fedora" script

Fedora includes python, though I'm not familiar with the GUI, a number of the menu utilities are written in python.
Reply With Quote
  #9  
Old 21st October 2011, 02:44 AM
fedvasu Offline
Registered User
 
Join Date: Jan 2011
Location: Nowhere
Posts: 386
linuxfirefox
Re: I'm thinking about making a "secure your Fedora" script

i second python , anaconda is written in python (GUI).

yum is written in python (CLI)

two of the most popular and important programs.

---------- Post added at 07:14 AM ---------- Previous post was at 07:10 AM ----------

a quick update, you may wanna use either tkinter for writing GUI,which is in standard library of cpython but in Fedora you have install it

yum install tkinter

but there are very good bindings to QT4 both in legacy python 2.x and python 3.x.

GTK thing is kinda complicated, so don't worry about GTK.
__________________
Programming is one of the most difficult branches of applied mathematics; the poorer mathematicians had better remain pure mathematicians.
--Edward W. Dijkstra

Last edited by fedvasu; 21st October 2011 at 07:15 PM.
Reply With Quote
  #10  
Old 21st October 2011, 06:26 PM
markkuk Offline
Registered User
 
Join Date: Apr 2005
Location: Finland
Posts: 5,075
windows_xp_2003firefox
Re: I'm thinking about making a "secure your Fedora" script

Quote:
Originally Posted by birdwatcher View Post
So my Idea was to make a simple script somehow that asks the users questions and configure Fedora based on their needs and according to NSA guidlines + the fedora security manual and of course what the user need.
(...)
Also is there any stuff of this nature out there?
Yes, Bastille does basically what you intend your script to do. Its development seems to have stagnated a couple of years ago.
Reply With Quote
  #11  
Old 21st October 2011, 08:29 PM
jpollard Online
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,816
linuxfedorafirefox
Re: I'm thinking about making a "secure your Fedora" script

Bastille pretty much collapsed after SELinux was merged into the kernel.

What it did was pretty basic - check uids/gids, check processes, validate file configurations. I believe it also could establish chroot jails for some services.

What it couldn't do was be general use - there were just too many different configurations people wanted. It also couldn't secure services that were locally developed, or came from outside the distribution.

SELinux can do that.
Reply With Quote
  #12  
Old 24th October 2011, 04:47 AM
birdwatcher
Guest
 
Posts: n/a
unknownunknown
Re: I'm thinking about making a "secure your Fedora" script

Guys I checked out Python but also I looked at shell scripting. Anyway I made a simple script in shell, no way complete.

If someone is willing to test my script I would be happy...

anyway:

http://www.mediafire.com/?zfb4rgwyr3ew1j2

This script is meant to be running on Fedora 15 and only covers some basics, it shuldn't mess up anything since I only included so little, and I purposley left out stuff that I felt was very dangerous. as stated: its only some of the very basics, as of now. If this script is usefull I may improve it and make sure that its more complete and more fault tollerant. Feel free to test it and tell me if this is a keeper.

To run this script:

1) place it in your home folder.
2) right click -> properties. Permissions -> thick the box "allow executing file as program"
3) open a terminal window, log in as 'su -' lunch the file from the terminal (one way to do this is by draging "my file" to the terminal window when running as su -).
4) the program should have started by now..
Reply With Quote
  #13  
Old 24th October 2011, 04:14 PM
sea Offline
"Shells" (of a sub world)
 
Join Date: May 2011
Location: Confoederatio Helvetica (Swissh)
Age: 34
Posts: 3,291
linuxfirefox
Re: I'm thinking about making a "secure your Fedora" script

Hmm had a 1 minute waiting on mediafire, nothing happend (there was a loading symbol though)t, so i closed it.
__________________
Laptop: Toshiba satellite p50-a-11 CPU: Intel i7 8*2400 MHz GPU: GeForce GT 745M RAM: 8192 MB Distro: Fedora (Rawhide) DE: Awesome
Text User Interface (TUI) // Windows 8+ & Fedora 20+ Dualboot
Reply With Quote
  #14  
Old 24th October 2011, 05:40 PM
birdwatcher
Guest
 
Posts: n/a
unknownunknown
Re: I'm thinking about making a "secure your Fedora" script

Thats odd, download link works from here. Thanks for letting me know and showing intresst, here is 2 new links if you still want to try it out:

http://www.sendspace.com/file/sp32i4
http://www.speedyshare.com/files/309...uxsecscript.py

The script only covers very little as of now, but I may expand it if its useful to someone.

Mostly I want some feedback on the way changes are made and if the program is understandable if possible.
Reply With Quote
  #15  
Old 26th October 2011, 06:27 PM
droidhacker Offline
Registered User
 
Join Date: Oct 2009
Posts: 827
linuxfirefox
Re: I'm thinking about making a "secure your Fedora" script

Don't waste your time writing scripts. Unless the script is validated and included in Fedora itself, it will be useless. The NUMBER ONE WORST possible thing that ANYONE can do, is running some script they downloaded from the internet as root. Even if you make it with the best of intentions, it would be SO ABSOLUTELY STUPID for anyone to actually run it without understanding EVERY SINGLE LINE OF IT, that it should be CRIMINAL.

If somebody is going to go to the trouble of learning every single line of your code, they would be far better off just securing everything themselves.

FOCUS ON DOCUMENTATION AND RECOMMENDATIONS. Give people suggestions about what they can do to secure their systems. Don't give them code to run, since their acceptance of that code would prove that they are complete retards.

I.e., how can they possibly know that you are trustworthy? Maybe you're a hacker and built a rootkit and are passing it off for the complete opposite. I'm not saying that you are, but how do "they" know?
Reply With Quote
Reply

Tags
making, script, secure your fedora, thinking

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
"illegal module type: so" in /var/log/secure on login fail Crysm Using Fedora 4 8th September 2008 01:00 AM
Fedora Core 9: Screen Resolution can not change from "800X600" to "1024X 768" csoftvietnam Using Fedora 7 26th August 2008 02:11 AM
Making "Browse for other folders" section of Save As dialog open by default. tmgeorgo Using Fedora 2 29th November 2006 12:24 AM
GUI "just makes it work" script for Fedora orvils Guides & Solutions (No Questions) 24 19th October 2006 03:07 AM
Error:visibility arg must be one of "default", "hidden", "protected" or "internal" wangfeng Using Fedora 0 23rd May 2005 04:59 AM


Current GMT-time: 11:27 (Saturday, 23-08-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat