FAQ (Frequently Asked Questions)
- What is buck-security?
- What are the features of buck-security?
- What is the difference between buck-security and other security programs for linux (like tiger, checksecurity, lynis, bastille, rkhunter, chkrootkit, ...)?
- I get a warning, what should I do?
- How can I suppress a warning when I'm sure that it's no security risk?
- How do I add an exception?
- I found a bug in buck-security, what should I do?
- I want to support buck-security, what can I do?
» What is buck-security?
buck-security is a security scanner for Debian and Ubuntu Linux. It runs a
couple of important checks and helps you to harden your Linux system.
This enables you to quickly overview the security status of your Linux
system.
As a system administrator you often get into situations where you have to
take care of a server that has been maintained by other people before. In
this situation it is useful to get an idea of the security status of the
system immediately. Buck Security was designed exactly for this. It runs a
few important checks and returns the results. It was designed to be extremely
easy to install, use and configure.
ATTENTION: Buck Security should be just a small tool in your holistic security concept. Server security is a complex
PROCESS which can't be guaranteed by a simple tool.
» What are the features of buck-security?
You can find a full feature list of the current release on the homepage of buck-security.
» What is the difference between buck-security and other security programs for linux (like tiger, checksecurity, lynis, bastille, rkhunter, chkrootkit, ...)?
buck-security is a security scanner for Debian Linux (and of course its derivatives like Ubuntu). rkhunter and chkrootkit are not general security scanners
but mainly programs that look for rootkits on your computer. bastille on the other hand is a great tool
and can really teach you a lot, but is focused on configuring a system in a secure way rather than checking it.
So rkhunter, chkrootkit and bastille are very useful tools. But they try to do other things than buck-security does, so you really can't compare them.
buck-security tries to be a general security scanner, like checksecurity, tiger or lynis. buck-security differs from these existing security scanners by trying to concentrate on the most important checks and to not scare users with a lot of output/results.
I think many users are scared by the huge output of other programs and, instead of taking a closer look at all these "problems", tend to do nothing, because they think they'll never understand it or it's simply too much.
Therefore we plan to concentrate on the checks we consider most
important and build up a detailed knowledge base on the website (the
documentation is - as always - probably most of the work that needs to
be done).
I think in the future buck-security will contain max. 15-20 core
checks; other useful but not so important checks will be included as
optional.
» I get a warning, what should I do?
You should find out more about it. Then you should see if the warning points to a real security problem or if you can ignore it. A good starting point to find out more about a warning is our documentation site. There are also some links to other sites included where you can learn more, or you can use your favorite search engine to find out more. If you're still unsure please use our forum or contact us directly.
After that, if you've found out that the warning pointed to a real security problem, you should fix it as soon as possible (change the configuration
or the file permissions for example).
If you're sure that the warning is no security risk, the next question explains how to suppress it.
» How can I suppress a warning when I'm sure that it's no security risk?
If you're sure that the warning you get is no security risk (e.g. you installed a new program which really needs SUID to be set and is considered secure), then you should add an exception to the whitelist-configuration file of the specific check. To learn how to add an exception, see "How do I add an exception?" below.
» How do I add an exception?
You can add an exception using the whitelist-configuration file of the specific check. To do so, open the specific whitelist-configuration file in the configuration directory conf/whitelists (for example suids-whitelist.conf) using your favorite text editor. If the config file doesn't exist already you can create it, using the name of the check as it appears in the main config file: for a check named "coolcheck", for example, name the file "coolcheck-whitelist.conf".
The exception must be exactly the same as the output you get from buck-security. For example a file or directory name like /usr/bin/passwd, or Port for the sshd check.
Wildcards
You can also use the * wildcard in the exception files, but be careful with it. For example, an entry of /usr/bin/* will suppress warnings for all results in the /usr/bin directory.
You'll find more information about adding exceptions in the whitelist files, or you can use our forum or contact us directly if you have any problems.
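The effect of exact entries versus a * wildcard, as an added example that is not buck-security's own code. It assumes one entry per line, that * matches any run of characters (including /), and that every other character is literal; the result list and whitelist contents are constructed.

```python
import re

# Constructed sample data: results as a SUID check might print them.
RESULTS = ["/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/newtool", "/opt/app/helper"]
WHITELIST_EXACT = "/usr/bin/passwd\n/usr/bin/sudo\n"
WHITELIST_WILD = "/usr/bin/*\n"


def entry_to_regex(entry):
    """Compile one entry: '*' is the only wildcard, all else is literal (assumption)."""
    return re.compile(".*".join(re.escape(part) for part in entry.split("*")))


def audit(whitelist_text, results):
    """Map each whitelist entry to the results it would suppress."""
    report = {}
    for entry in (line.strip() for line in whitelist_text.splitlines()):
        if entry:
            rx = entry_to_regex(entry)
            report[entry] = [r for r in results if rx.fullmatch(r)]
    return report


def still_reported(report, results):
    """Results that no whitelist entry hides, in their original order."""
    hidden = {r for hits in report.values() for r in hits}
    return [r for r in results if r not in hidden]


def broad_wildcards(report):
    """Wildcard entries hiding more than one result; review these by hand."""
    return sorted(e for e, hits in report.items() if "*" in e and len(hits) > 1)


if __name__ == "__main__":
    for name, text in (("exact", WHITELIST_EXACT), ("wildcard", WHITELIST_WILD)):
        report = audit(text, RESULTS)
        print(name, "still reported:", still_reported(report, RESULTS))
        print(name, "broad entries:", broad_wildcards(report))
```

With the wildcard file, /usr/bin/newtool drops out of the report along with the two binaries that were actually reviewed.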
» I found a bug in buck-security, what should I do?
You should contact us immediately so that we can fix it with the next release. Please use our contact site to find out how to contact us.
» I want to support buck-security, what can I do?
There's a lot you can do, even if you are no programmer.
Documentation writers
What we need most are people who improve the documentation, which means people who can write about e.g. why it's dangerous to have world-writable directories, how to change it, where to find more information (books, websites) or who just write some general articles about security best practices. Although it doesn't seem to be very exciting or prestigious work, it's a very important task and you learn a lot by doing it.
Beta Testers
We would also like to build a small group of beta testers to whom we can send new releases before we officially release them. So people who want to do this are very welcome.
Check Proposals, wishes, ...
And of course people can send us proposals for new checks or even written checks (there are two templates in the checks directory if somebody wants to write a new check). But the checks should be well written and reliable of course so we don't have to rewrite them :-)
Donations
We work on buck-security in our free time and don't get paid; we do it just for fun. If you want to support
us with a donation we promise to buy only cool and helpful security books with your money - and maybe some wine.
More information at our donation site.
Get in touch
Please use our contact site to find out how to get in touch with us.