Linux system flaws can’t pass Buck Security

As a student, Martin Bartenberger read a lot of books about computer security. “In most of these books you find a lot of things you should check to make your Linux system more secure,” he says, “like looking for world-writable directories or suid programs. As a system administrator I had to run such checks often. I thought I would put them together in a single program. That is how Buck Security was started.” Bartenberger started writing Buck Security at the beginning of last year, and soon made it a SourceForge project. Version 0.5 was released last month.

Buck Security comprises a collection of security scans for Debian-based Linux distributions, including Ubuntu. It’s easy to use, and gives you a quick overview of the security status of your system. If you’re not happy with some of the alerts, you can add exceptions so you won’t get any “false alarms” later. It’s written in Perl (with some bash code), so to get started, you just download a zip file, extract it, and run the executable.

Unlike scanners such as Tiger or Lynis, Buck Security concentrates on only the most important checks, and tries not to scare users with a lot of output. “I think many users are scared by the huge output of other programs,” Bartenberger says. “Instead of taking a closer look at all the ‘problems,’ they tend to do nothing instead, because they think it’s simply too much. Buck Security will contain no more than 15 to 20 core checks, with other useful but less important checks included as optional.”

The new 0.5 release includes a cool checksum feature. You can create a GPG-encrypted checksum list of the most important system programs in /sbin, /bin, /usr/sbin, and /usr/bin (by default). When you run Buck Security next time, it checks this list to see if any of the programs have changed. “For people like me who think that tools like Tripwire are cool but a bit too much, this is a useful feature to check a measure of system integrity,” Bartenberger says.

The developer hopes to release version 0.6 within three months, which will include explanations for users about what warnings mean and where they can find more information. “There will also be one new check which shows you the listening services on your server, and maybe some others. I’ll also include some checks about the users of the system (who can log in, who has no password, and so forth) and some more package checks (such as what packages are installed) but that will probably come in the 0.7 release.”

To bring the software along, “What I need most are people to improve the documentation, which means people who can write about why it’s dangerous to have world-writable directories, how to change that, where to find more information, and so on. I would also like to build a small group of beta testers to whom I can send new releases before I release them. Also I would like to make a Debian package sometime, so people with this experience are welcome too. And of course people can send me proposals for new checks, or even write checks (there are two templates in the checks directory for people who want to write new checks). People who want to help me on that should write to me.”

Tags:

0 comments