Security Focus: Bastille Linux: A WalkthroughJun 11, 2000, 15:03 (1 Talkback[s])
(Other stories by Jay Beale)
"You use a "hardening program" to try to make your system as secure as possible, from the ground up. Generally, you deactivate unnecessary services and better the configurations of the ones you leave enabled. This is wildly effective, as it can eliminate many of the vulnerabilities that are common on Linux/Unix platforms. This article presents a walkthrough of Bastille Linux, a popular hardening program for Red Hat and Mandrake, available for free from Jon Lasser, Pete Watkins, myself, and the rest of the Bastille Linux project. This walkthrough won't be the kind of "paranoid" setup that I enjoy most, as that could remove too much functionality for the average reader. Don't worry - I'll explain what we'll break in each setting, how we'll break it, and how you can fix it. But first, a shameless plug: I'll let you know about the cool features in the newest Bastille version, which we've just released...."
"At the time of this writing, Bastille 1.1.0 has been released. It might be a little rough around the edges, but if something doesn't work as planned, it can be easily undone or we can release a quick fix. I'm recommending this version specifically because the new architecture is much more featureful. Let's download, install and run Bastille on an x86-based Red Hat 6.x box. First, switch to console mode. While Bastille uses a GUI-like (curses-based) Text User Interface, it's still a console tool that runs best on a standard size 80x25 screen."