October 27th, 2002, 07:07 AM
Bastille / Mandrake 9.0
If anyone has acquired Mandrake 9.0 they will find that Bastille wasn't included in this roll-out of Mandrake's latest version. The default firewall is Shorewall which I personally found a little confusing although I did get it to do it's job, I decided to scrap it and go back to Bastille. Bastille has been discussed in other threads but in saying that it is a great tool for hardening a linux box.
Bastille will not run "out of the box" on Mandrake 9.0 so you have to make a few small changes as listed below.
Grab the latest Bastille RPM from http://www.bastille-linux.org/ and install as per usual.
Edit the following line in /usr/lib/Bastille/API.pm:
foreach $supported_distro "DB2.2","RH6.0","RH6.1","RH6.2","RH7.0","RH7.1","RH7.2","RH7.3",
Just add "MN9.0" to the list of supported distributions.
The same goes for /usr/lib/Bastille/IOLoader.pm:
my $supported_versions =
'MN6.0 MN6.1 MN6.2 MN7.0 MN7.1 MN7.2 MN8.0 MN8.1 MN8.2 MN9.0';
Again add MN9.0 to the end.
This is sufficient to allow /usr/sbin/InteractiveBastille to run.
This solution is only an interim measure until Bastille supports 9.0 officially.
There are a few bugs, though. The umask doesn't seem to be set according to what you say. This means that users on your system can see each other's files by default. To change to a more secure setting, you will want to change the default permissions something like -rw-------, or umask 077.
This is achieved by editing the UMASK_USER line in /etc/sysconfig/msec to read;
This info was found on the Mandrake Newsgroup and has been tried and tested on my machine and works a treat.
I did say in a previous thread that I am not keen on .0 releases but Mandrake promised to support all my hardware including my Flyvideo 3000 TV card and in my opinion they have come through with flying colours with this version.