Debianhelp.co.uk


ProShield Security Program Configuration in Debian

What is ProShield?

ProShield is a security program for Debian Linux. It helps ensure your system is secure and up-to-date by checking many different aspects of your system. Regular use is recommended.

Whether you are a Linux novice or a system administrator with a dozen servers, ProShield is designed to be usable by all. ProShield's main goal is to help secure a newly installed box (computer), as well as maintain the security of an existing box on a maintenance basis.

ProShield Features

Helps you backup your system weekly.
Checks for extra root accounts.
Checks account & password files for correct access control permissions.
Makes sure a few security-hazardous packages are not installed.
Checks to make sure a packet sniffer is not running.
Removes unneeded packages from the local package archive.
Checks for new software releases, in order to see if installed software is reasonably up to date.  Smart-suggestion to upgrade if an important package is released.
Checks to see if 'apt' is fetching unnecessary information when checking for software updates.
Makes sure system time is accurate.
Checks to make sure the user isn't logged into the system (GUI) as root.
Checks the configuration of the ssh server ([sshd] if installed) for insecure settings.
At runtime, ProShield will also check to see if there has been a new version released, and can download and install it at the user's preference.
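
Three of the checks listed above (extra root accounts, password file permissions, and the sshd root login setting) can also be run by hand. The script below is an added example, not ProShield's own code; the function names are illustrative, and the sample files it builds are constructed. The 644 and 640 masks are Debian's usual modes for /etc/passwd and /etc/shadow.

```shell
#!/bin/sh
# Added example, not ProShield's code. Paths are parameters so each check
# can be pointed at the live file or at a copy.

# Names of accounts other than "root" that have UID 0.
extra_root_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# True (exit 0) if FILE carries permission bits outside octal mask MAX.
# Uses GNU stat, as shipped on Debian.
mode_exceeds() {
    mode=$(stat -c %a "$1") || return 2
    [ $(( 0$mode & ~0$2 & 07777 )) -ne 0 ]
}

# Effective PermitRootLogin value in an sshd_config file: sshd uses the
# first occurrence of a keyword, keywords are case-insensitive, and
# "Keyword=value" is accepted. Match blocks and Include files are not handled.
permit_root_login() {
    awk '{ sub(/=/, " ") }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Demo on constructed sample files (not taken from a real system).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'toor:x:0:0::/root:/bin/sh' > "$d/passwd"
    printf '%s\n' '#PermitRootLogin no' 'permitrootlogin yes' \
        'PermitRootLogin no' > "$d/sshd_config"
    : > "$d/shadow"; chmod 644 "$d/shadow"
    echo "extra UID 0 accounts: $(extra_root_accounts "$d/passwd")"
    mode_exceeds "$d/shadow" 640 && echo "shadow is more permissive than 640"
    echo "PermitRootLogin: $(permit_root_login "$d/sshd_config")"
    rm -rf "$d"
}
demo
```

On a live system, pass /etc/passwd, /etc/shadow and /etc/ssh/sshd_config to the functions instead of the sample files.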

Download ProShield

http://sourceforge.net/projects/proshield/

Installing ProShield in Debian

Download the .deb package from the download link above. Before installing ProShield you need to install chkrootkit, because ProShield depends on chkrootkit.

If you want to install chkrootkit click here

Once chkrootkit is installed, you are ready to install ProShield:

# dpkg -i proshield_3.7.45.deb

This installs ProShield. To check the security of your Debian system, run it with the following command:

# proshield

The output looks like this:

ProShield v3.7.45
                         
ProShield may generate messages during operation, but you can ignore these.
At the end, a report summary will be displayed.

** YOU MUST BE CONNECTED TO THE INTERNET FOR PROSHIELD TO FUNCTION CORRECTLY **

ProShield is now checking to see if you are running the latest version...Done.

This appears to be the first time you have run ProShield.  Please note that ProShield is not designed to perform forensic analysis on your system to see if your computer has been compromised.  Detecting a compromised system is difficult, and ProShield is not, and will never be a tool of that nature.
Press <enter> to continue...

Now press Enter on your keyboard.

Note: ProShield assumes you have shadowed passwords (/etc/shadow).  If you don't, ProShield will still function just fine, but will complain about /etc/shadow.

Making sure password file permissions are correct...Done.

eth0: PACKET SNIFFER(/sbin/dhclient[708])
WARNING, a packet sniffer was detected.  The program and its PID is listed above.
Please wait while system time is checked...Done.
Checking to see if any of these are installed: nis/portmap/arpwatch...No packages found matching portmap.
No packages found matching arpwatch.
Done.
Please wait while the Debian software repositories are queried (this may take a long time)... Done.
Processing new software releases...Done.
Checking if the new software releases include any 'important' packages...Done.
Checking 'apt' package archive for unneeded old packages...Done.
Checking to see if 'apt' is programmed to fetch source packages...Done.
Checking to see if you are logged into X as root...Done.
Checking some of your ssh server settings...Done.
Checking to see when system was last backed up...Done.

Scan Complete.

- - ProShield Advisories for testmain1: - -
*A packet sniffer was detected. More information can be found in the general
output above the advisory section.

*'apt' is currently set up to fetch an additional set of software release
information regarding 'source packages'. This is probably not necessary.

*sshd (the ssh server) is configured to allowed direct root user logins. This
makes it a magnitude of order easier for an attacker to penetrate your system.

*It's time to backup your system again.

ProShield will now ask you interactive questions to help you improve your
security (by solving some of the above problems).
Press <enter> to continue...

sshd (ssh server) is currently allowing direct root user logins.  This is
security hazardous.  Would you like ProShield to fix this?
[y,n] n

Would you like ProShield to never ask you again about ssh allowing direct
root user logins?
[y,n] y

Currently 'apt' is downloading source package release information, which is
unnecessary.  Unless you know what a source package is (and use them), you
can answer 'y' and ProShield will modify your 'sources' file so that apt does
not waste time/bandwidth doing this anymore.  Answer 'n' to make no changes.
[y,n] n

It's time to backup your system again.  ProShield can do this for you.
Your system will be backed up and stored in a compressed archive in the
directory /backup/.
Would you like ProShield to backup your system now?
[y,n] y

By default, ProShield backups the most common directories and folders on
your computer, and this is usually enough.  However, at this time, it is
possible to override ProShield's list of folders to backup, and give your
own list of folders to backup.
(the default list is /root/ /home/ /etc/ /usr/local/ /var/spool/cron/)
Would you like to change ProShield's list of directories to backup?
[y,n] n

Your system is being backed up (this may take a long time)...Done.
Backup complete (1,534 files backed up in 27 seconds).

Your backup archive is located at /backup/SystemBackup-2006-02-23.tar.gz
You should make a copy of it on CD, tape, or another hard drive (preferably
one not in this machine