
U.S. Navy Works To Improve Linux Security

Posted by timothy
from the gnu-linux dept.
MrPhiles writes "Just saw an article at Washington Technology talking about how the Navy is developing a Secure Auditing tool for Linux. I think it's cool that government agencies are taking steps to obtain credentials necessary for open source use in high-security environments."

  • Great but (Score:5, Insightful)

    by jsse (254124) on Monday May 05, 2003 @09:51PM (#5887351) Homepage Journal
    I wish they'd spend more money on auditing Windows [sdtimes.com] too.

    Of course, crash on "division by zero" is a feature, not a bug. :)
    • Re:Great but (Score:5, Informative)

      by rritterson (588983) * on Monday May 05, 2003 @10:04PM (#5887469)
      It's not quite the same, obviously. The Navy software engineers can easily tweak and fix any holes they find. With Windows you are limited to the framework MS provides and the hope that they will fix any problems discovered.

      The NSA released documents on how to secure WinXP and Win2K server not too long ago- it was even posted on /.
      • I still need to plow through that PDF. It looked like it had a lot of good info.

      • The NSA released documents on how to secure WinXP and Win2K server not too long ago

        I'm glad they did that. It was a nice public service, IMHO.

        However, for practical use, the 105 page guide is a bit prolix for me. I'm installing, patching and trying to harden a home Win2K system (got removable drives and SuSE 8.1 on the other) and found other, shorter guides (ArsTechnica, I think) for Win2K security to be quicker and easier to use.

  • I see in the article that the linux kernel "lacks" such and such for security auditing? Would one of ya'all gurus please explain this? I thought there were a plethora of auditing tools and schemes already. Thanks in advance!
    • by Beryllium Sphere(tm) (193358) on Monday May 05, 2003 @11:02PM (#5887873) Homepage Journal
      >Would one of ya'all gurus please explain this?

      Attend, my son :-)

      The key word seems to be "forensic". They want to replace syslog with something sufficiently tamper-resistant to persuade a judge that it's good enough for legal evidence. There are already some clever hacks for this, such as hiding the real syslog process and leaving a fake one around for an intruder to disable or corrupt.
      • by zogger (617870)
        ..ok, that makes sense. so in order to do that, following normal procedure (made infamous in the OJ case) you need a provable uncorrupted "chain of evidence" from start to finish.

        Turbocharged DRM would of necessity be part of that along with the allegedly "incorruptible" logs. It matters now what you are looking at with regards to this theoretical "crime" if the evidentiary analysis would not be able to prove a "perp". Proving the crime occurred seems to be the premise of the hardened logs, but proving who
      • by bill_mcgonigle (4333) on Tuesday May 06, 2003 @10:50AM (#5890996) Homepage Journal
        They want to replace syslog with something sufficiently tamper-resistant to persuade a judge that it's good enough for legal evidence.

        Just echo the syslog output to a 9-pin dot matrix printer...
    • There are a lot of things that can be meant by "auditing." At its most sensitive, you can audit all accesses to certain system resources (files, syscalls, device node accesses, that sort of thing), and at a more standard level you can audit failed accesses to system resources. Some of this is implemented in some way - "bad root login on tty1" - but usually when people talk about system security auditing, they are talking about a unified framework for controlling auditing of the entire system (the parts re
      • --ah, I was not aware that such a tool didn't already exist. Being a still neophyte at this I am still learning various tools. Making "one" tool that *does it all* seems logical, except for the single point of failure phenomenon then.

        Of course, you are correct, most "normal" users don't seem to need this. In fact, as a "normal" user, I must say I certainly...uh.. enjoy... all the "volunteer" efforts that kind hearted "outside auditors" seem to be always giving me... uhh ya... enjoy..... I guess.....

        %^)
  • Are the Navy and NSA working on the same kinda things? Or do we have more govt waste with duplication efforts?

    And just to get more tweaky...is it also similar to the aborted Dept. of Defense changes that Theo de Raadt was gonna do on BSD?

    NSA page: http://www.nsa.gov/selinux/
  • Why on earth would the Navy spend good money auditing Linux, when OpenBSD is already the most secure OS? It's been audited for the last 6? years.
