Project Home Page
About the FKL Project
Fort Knox for Linux has created documents on setting up Linux and Apache based on best practices. These documents are specific towards Redhat and SUSE; however, they are general enough to be used with other types of unix. The second task of the project implemented these practices in Bastille, and created an auditing function.
FKL Basline GuideMany books, documents, and Web sites authored by security professionals and organizations have been studied and analyzed to determine industry best practices. Some of the resources dealt with general computer security, while others addressed Linux and/or the above distributions in particular. Furthermore, Department of Defense directives were consulted to determine the Department's specific requirements. The described system will have minimal functionality, which is in accordance with industry accepted standards for secure operation. In some cases, these guidelines may reduce the ease-of-use of the computer system. This has been done deliberately when the result is a system that is more difficult to compromise. Department of Defense directives have been followed where applicable to ensure that the system meets the most stringent requirements. Being of a technical nature, this document is directed at system administrators and sophisticated users of computers running the Linux operating system. A degree of familiarity with Linux or a UNIX system is assumed. Knowledge of computer security is not required.
The FKL Apache GuideThe objective of this document is to instill a better understanding of how to secure Apache. Among the topics covered are the threats and risks related to operating a Web server in general, as well as the installation and secure configuration of the Apache Web server software in particular. In addition, setup of mod_security and Secure Socket Layer (SSL) are discussed. The appendices include configuration file templates which can be used to set up an Apache server.
FKL Bastille hardeningThe FKL project uses the existing code base of Bastille and is trying to incorporate the standards of the Department of Defense, and to make Linux boxes hardened to this standard by running one program. It has incorporated the Linux Auditing Subsystem, remove unnecssary users, disable unencrypted services, turn off unused services, and many others required by the Department of Defense.
FKL Bastille AuditingThe FKL project has also incorporated an audit tool for Bastille. This will allow system administrators to test their boxes to meet a certain standard and receive a score back determined on how secure their system according to the auditing tool.
Points of Contact
The points of contact for the project are Carsten Gehrke (firstname.lastname@example.org)
Charlie Long (email@example.com)
and William Wolfe (firstname.lastname@example.org)
of Space and Naval Warfare Systems Center, San Diego.
This site is hosted at SourceForge, a free hosting service for Open Source software development.Last updated on April, 2005 by Charlie Long