Halo provides a number of preset configuration policies to help you audit and lock down your servers. With all the available choices, how can you be sure you are choosing the right one? In this blog entry we’ll walk through how to select the best configuration policy for your specific needs.
Determining The Distro
The first step is to determine which Linux distribution you are using. If you performed the install yourself, you already know whether you are running CentOS, Ubuntu, Fedora, etc. If, however, you’ve loaded an image supplied by a public provider, you may need to do a bit of investigation work.
Start by running the command “which yum”. The “which” command shows the full path to a command installed on the system. If the system returns “/usr/bin/yum”, as seen in Figure 1, you are running a Red Hat based distribution, as all distributions based on Red Hat use the Yum package management system. This means you should start off using the “CentOS, RHEL, Fedora Linux Core Policy v 2.0”. Note that in Figure 1 we’re working on an Amazon Linux AMI image, which shows that the Amazon distribution is ultimately Red Hat based.
If, however, no path to the file is returned, or you receive an error stating “no yum in …” followed by a long list of directories, you are running a Debian or Ubuntu based system and a bit more investigation work is required.
Next, execute the command “uname -a” as shown in Figure 2 and look through the output for the distribution name. For example, in Figure 2 we can see we’re on an Ubuntu based system. This means we should start off using the “Ubuntu Linux Core Policy v 2.0”. Had the system been identified as “Debian”, we would select the “Debian Linux Core Policy v 2.0” instead.
The core policies are designed to audit your system for some of the most critical security best practices. If you need to meet certain compliance regulations, such as HIPAA or PCI-DSS, you may wish to implement an extended policy in addition to the core policy. The extended policies include additional security checks as well as tighter configuration parameters. They are designed for sites that need to maximize their risk mitigation.
Each of the extended policies is identified by Linux distribution. For example, say I’m running Amazon Linux AMIs, which means I’m already using the “CentOS, RHEL, Fedora Linux Core Policy v 2.0” configuration policy. If I want to achieve a higher level of security for a specific group of servers, I could choose to also apply the “CentOS, RHEL, Fedora Linux Extended Policy v 2.0” in addition to the core policy.
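As an added example (not CloudPassage’s own code), the two checks described above and the core-to-extended pairing written as a small POSIX shell script. The function names and the sample “uname -a” lines are assumptions; only the Red Hat family extended policy name comes from this post, the other extended names are assumed to follow the same pattern.

```shell
#!/bin/sh
# Added example, not CloudPassage's own code: encodes the two checks the post
# describes (is yum present? what does uname -a say?) and maps the result onto
# the policy names the post lists. Function names and sample lines are assumed.

# Constructed sample `uname -a` lines, modelled on the format the post refers to.
SAMPLE_UBUNTU_UNAME="Linux web01 3.2.0-40-virtual #64-Ubuntu SMP Mon Mar 25 21:42:18 UTC 2013 x86_64 GNU/Linux"
SAMPLE_DEBIAN_UNAME="Linux db01 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux"
SAMPLE_AMZN_UNAME="Linux ip-10-0-0-1 3.4.43-43.43.amzn1.x86_64 #1 SMP Mon May 6 18:04:41 UTC 2013 x86_64 GNU/Linux"

# classify_distro YUM_PATH UNAME_LINE
#   YUM_PATH   - what `which yum` printed (empty string when yum was not found)
#   UNAME_LINE - the output of `uname -a`
# Prints the core policy to start with; prints "unknown" and returns 1 if the
# two checks from the post do not identify the distribution.
classify_distro() {
    yum_path="$1"
    uname_line="$2"

    # Step 1: a yum binary means a Red Hat based distribution (CentOS, RHEL,
    # Fedora, Amazon Linux), so the Red Hat family core policy applies.
    if [ -n "$yum_path" ]; then
        echo "CentOS, RHEL, Fedora Linux Core Policy v 2.0"
        return 0
    fi

    # Step 2: no yum, so look for the distribution name in the uname output.
    case "$uname_line" in
        *[Uu]buntu*) echo "Ubuntu Linux Core Policy v 2.0" ;;
        *[Dd]ebian*) echo "Debian Linux Core Policy v 2.0" ;;
        *)           echo "unknown"; return 1 ;;
    esac
}

# extended_policy_for CORE_POLICY
# The post names the Red Hat family extended policy explicitly; the other names
# are assumed to follow the same "Core" -> "Extended" pattern.
extended_policy_for() {
    echo "$1" | sed 's/ Core Policy / Extended Policy /'
}

# Run the checks on the local host. `command -v` is the portable form of `which`.
detect_local_policy() {
    classify_distro "$(command -v yum 2>/dev/null || true)" "$(uname -a)"
}
```

Call detect_local_policy on a host to get the core policy to start from, then extended_policy_for on that name when the server group needs the tighter settings.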
To choose the right configuration policy, you first need to know which particular Linux distribution you are using. While this may seem problematic with public images, using the “which yum” and “uname -a” commands can help you to quickly determine which Linux flavor you are working with.