Differences between revisions 4 and 5
Revision 4 as of 2007-03-24 15:03:05
Size: 2612
Comment: Added more info, fix the header name (damn c&p)
Revision 5 as of 2009-03-16 03:29:41
Size: 2628
Editor: anonymous
Comment: converted to 1.6 markup

Common Security Checking Tool

  • Mentor: Javier Fernandez-Sanguino

  • Summary: Develop a security check tool to replace one currently provided by default in Debian

  • Required skills:

    • C or Perl programming (C preferred)
    • (recommended) knowledge of OS security and (host-based) IDS

Description

The goal of this project is to develop a new, robust (not shell-script based) security checking tool to monitor Debian systems for intrusion attempts: in essence, an intrusion detection tool. Once developed, this tool would replace the one currently installed by default in Debian (Checksecurity), which is somewhat limited and fragile.

This tool should be based on the experience derived from existing tools, including Checksecurity and Tiger, which are already available in Debian. The developer should also review what other projects provide as their stock security check tool.

This tool should:

  • run independently from cron (rationale: cron is not a task scheduler; it is not able to cope with tasks that run amok)
  • implement common host-level security checks (please review the checks available in Debian's checksecurity and other tools)
  • be modular, so that new security checks can be "plugged in" easily
  • provide multiple alert mechanisms (at least SNMP, e-mail and syslog)
  • make it easy to integrate the information from different intrusion detection agents in a single console
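
The first three requirements above (no reliance on cron, common host-level checks, plug-in modularity), as an added example that is not code from the wiki page, from checksecurity or from any Debian tool: a small C check runner in which checks are rows of a table, each check runs in its own child process under a hard timeout so a check that runs amok is killed rather than left hanging, and the result is reported per check. The check names, the timeouts and the setuid baseline data are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>
#include <time.h>
#include <sys/wait.h>

typedef int (*check_fn)(void);   /* a plugged-in check: 0 = pass, 1 = problem found */
struct check { const char *name; check_fn run; unsigned timeout_s; };
enum result { CHECK_OK = 0, CHECK_ALERT = 1, CHECK_TIMEOUT = 2, CHECK_ERROR = 3 };
/* Constructed sample data, not read from the host: setuid files at the last run vs. now. */
static const char *baseline[]  = { "/bin/su", "/usr/bin/passwd" };
static const char *found_now[] = { "/bin/su", "/usr/bin/passwd", "/tmp/.x" };
/* Like checksecurity's setuid check: any file missing from the baseline is reported. */
static int check_setuid_changes(void)
{
    for (size_t i = 0; i < sizeof found_now / sizeof *found_now; i++) {
        int known = 0;
        for (size_t j = 0; j < sizeof baseline / sizeof *baseline; j++)
            known |= strcmp(found_now[i], baseline[j]) == 0;
        if (!known) return 1;                  /* unexpected setuid file */
    }
    return 0;
}
/* Constructed misbehaving check: never returns, like a task that runs amok. */
static int check_runs_amok(void) { for (;;) pause(); }
/* Run one check in a child; kill it past its timeout (whole seconds), the supervision cron never gives. */
enum result run_check(const struct check *c)
{
    int status; pid_t pid = fork();
    if (pid < 0) return CHECK_ERROR;
    if (pid == 0) _exit(c->run() ? CHECK_ALERT : CHECK_OK);
    for (time_t deadline = time(NULL) + c->timeout_s;;) {
        pid_t r = waitpid(pid, &status, WNOHANG);
        if (r == pid) break;
        if (r < 0) return CHECK_ERROR;
        if (time(NULL) >= deadline) { kill(pid, SIGKILL); waitpid(pid, &status, 0); return CHECK_TIMEOUT; }
        usleep(50000);
    }
    return WIFEXITED(status) ? (enum result)WEXITSTATUS(status) : CHECK_ERROR;
}
/* Plug-in table: adding a check means adding a row, not editing a script. */
const struct check checks[] = { { "setuid-changes", check_setuid_changes, 5 },
                                { "runs-amok",      check_runs_amok,      1 } };
const size_t n_checks = sizeof checks / sizeof *checks;
int main(void) {
    static const char *label[] = { "ok", "ALERT", "TIMEOUT", "error" };
    for (size_t i = 0; i < n_checks; i++) printf("%-16s %s\n", checks[i].name, label[run_check(&checks[i])]);
}
```

Alert delivery (syslog, e-mail, SNMP) would hang off the result value returned by run_check; the runner itself only has to decide pass, alert, or killed.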

Notice that "security checks" means anything that affects availability, confidentiality or integrity. That is, this tool should not focus on being only a host-based intrusion detection (HIDS) tool.

Optionally, an integration layer should be implemented to make it possible to send and acknowledge security alerts in currently available open-source security information management systems such as Prelude (through libprelude) and Ossim.

This tool would eventually replace checksecurity and would be installed as part of the standard operating system, so it should be able to work on very simple systems (i.e. only standard packages), even if some functionality is only "activated" when additional libraries are installed.