---

Home Infrastructure

SuSE Security Announcement – new security tools

By

Date: Fri, 26 Nov 1999 23:22:10 +0100
From: Marc Heuse marc@SUSE.DE
To: BUGTRAQ@SECURITYFOCUS.COM

SuSE Security Announcement

Announcement of new security tools from SuSE

Please note, that that we provide this information on an “as-is”
basis only. There is no warranty whatsoever and no liability for
any direct, indirect or incidental damage arising from this
information or the installation of the update package.

Tools developed by SuSE (all open source) and included in SuSE
6.3 :

SuSE FTP Proxy – The first program of the SuSE Proxy Suite. A
secure FTP proxy with support for SSL, LDAP, command restriction,
active and passive FTP support, and much more.
RPM: fwproxy.rpm, fwproxys.rpm (SSL – not in the US version)

SuSE Firewall – The new firewall script from SuSE, rewritten
from scratch. Autodetection of interface information, masquerading,
autoprotection of services, protection from internal networks,
fail-close design and easy to configure. RPM: firewals.rpm

Harden SuSE – A special script for hardening a SuSE Linux 5.3 –
6.3. By answering 9 questions, the system is reconfigured very
tightly. e.g. disabling insecure network services, removing
suid/sgid/world-writable permissions which are not critical. RPM:
hardsuse.rpm

SuSE Secumod – This loadable kernel module enhances the security
of the system by adding a symlink/hardlink/pipe protection, procfs
protection, trusted path execution and capabilities. RPM:
secumod.rpm

SuSE Secchk – These are cron scripts which run daily, weekly and
monthly to check the security of the system and compare them to the
last run. RPM: seccheck.rpm

Yast-1 – New administration menu for setting password aging,
authentication fail delay and logging of logins + failures. RPM:
yast.rpm

SuSE auditdisk – Please note that this tool is in beta phase!
This tool generates a bootdisk with checksum data and all binaries
etc. needed to automaticaly verify file checksums upon booting.
This way it can’t be subverted by lkm’s like a standard e.g.
tripwire installation.
WWW: http://www.suse.de/~marc – not
included on SuSE 6.3 yet

Watch out for updates of these tools on our WWW or FTP update
sites. Although these are tools developed by SuSE, they (should)
work on any Linux distributions with little problems.

New tools included in the SuSE Linux distribution (not created
by SuSE):

FreeS/WAN – IPSEC implementation to build secure VPN tunnels via
public networks.
RPM: freeswan.rpm (not in the US version)

GNU Privacy Guard – A free pgp-like tool for secure (not limited
to email) communication. Frontends are also included.
RPM: gpg (not in the US version)

Nessus – A very good network security scanner!
RPM: nessus

plus tmpwatch, arpwatch, plug, sslwrap, the newest nmap and
more. “Old” packages include: john, saint, cipe, pgp, scanlogd,
ssh, tripwire, etc.

General information on SuSE Linux:
http://www.suse.com

You can find updates on our ftp-Server:
ftp://ftp.suse.com/pub/suse/i386/update
for Intel processors
ftp://ftp.suse.com/pub/suse/axp/update
for Alpha processors

or try the following web pages for a list of mirrors:
http://www.suse.com/ftp_new.html

Our webpage for patches:
http://www.suse.de/en/support/download/updates/

Our webpage for security announcements:
http://www.suse.de/security

If you want to report vulnerabilities, please contact security@suse.de

SuSE has got two free security mailing list services to which
any interested party may subscribe:

suse-security@suse.com
moderated and for general/linux/SuSE security discussions. All SuSE
security announcements are send to this list.

suse-security-announce@suse.com – SuSE’s announce-only mailing
list. Only SuSE’s security annoucements are sent to this list.

To subscribe to the list, send a message to: suse-security-subscribe@suse.com

To remove your address from the list, send a message to:
suse-security-unsubscribe@suse.com

Send mail to the following for info and FAQ for this list:
suse-security-info@suse.com
suse-security-faq@suse.com

This information is provided freely to everyone interested and
may be redistributed provided that it is not altered in any
way.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.