Securing Your Linux Computer With Bastille
Results 1 to 8 of 8

Thread: Securing Your Linux Computer With Bastille

  1. #1
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548

    Securing Your Linux Computer With Bastille

    Bastille Linux is a hardening tool which is very effective at locking down your system, and all it requires is a few minutes of your time! It is currently available for the major Linux distributions: SUSE, Mandrake (the available RPM should work with Mandriva), Fedora Core, Red Hat, Debian, and Gentoo, and it is also available for HP-UX and Mac OS X, as well as the source code which can be compiled on most *nix systems. In this tutorial I shall take you through the steps of installing it and setting it up properly in order to secure your system better than before. Please note that this tutorial is designed for users new to Linux, and so may be slightly cumbersome for the more advanced users out there.

    ---

    Click here to read this tutorial. (I was not able to copy it here because of external copyright issues and it exceeds the image limit)

    Please let me know what you think - I know it is simple, but it is designed to help the newer users tighten their system as easily as possible.

    Thanks,

    -jk
    TAZForum <---- click

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    A word of caution with bastille, and that is, be extremely careful what you decide to lock down and *do not* use it on a production box before testing your lockdown policy on a test host. Many people overlock boxes due to the simplicity of "point & click" security when first using this product.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Thank you TH,

    I agree that if this is used in conjunction with other configurations or tools, it may lead to an overlocked box and that's when the problems begin. But I've found that when the steps I described are used on a relatively fresh installation (and I doubt that any new Linux user would go about altering security configurations manually), the box runs as smoothly as before.

    Thank you for pointing that out though

    -jk
    TAZForum <---- click

  4. #4
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792

    Well, you asked

    I am going to play devil's advocate here, be very negative, but don't take it the wrong way. I am not saying you did not do a lot of work in this, but these are my observations, and my opinions. I would not feel bad if others disagreed.

    First, I must stress what Horsey said,
    be extremely careful what you decide to lock down and *do not* use it on a production box before testing your lockdown policy on a test host. Many people overlock boxes due to the simplicity of "point & click" security when first using this product.
    Been there, done that! ( Not on a production box though )

    I did review your "tut", and did not see anything that should really break too badly a newbie's workstation, so I have to commend you there.

    There are three main points however that I disliked:

    1) Referencing this as a tutorial on this site: I am not saying it is wrong, just that I do not think it proper. I once referenced on this site a tut I wrote as you did, ( maybe referenced it more then once ) but did not list it in the tutorial section since it was not posted to the site. Maybe just symantics.

    2) The images are not clear enough, and even if you go to the link they provide to get a cleaner image, it is not clear enough. Yes, that was my IP address that downloaded each and every one of the images the images on the tut linked to, saved them, opened them and magnified them, and still I had trouble reading them ( I'm old, what do you want? ) I think taking the time and typing out the questions ( and explanations which Bastille-Linux provides, which is not in its entirety in the images ) would be much easier to follow and learn from.

    3) This goes along with the above. What happens if Bastille-Linux comes out with a new version next month, and someone finds your tut and tries to follow it, only to have just one new question inserted in the beginning ( or anywhere ) ??? Or what if they are using ( either by choice or by necessity of their kernel version ) Ipchains instead of IPTables? Without knowing exactly what the questions are, they will be lost following your tut, or worse, use your suggested answers to different questions. How would they know?

    A tutorial should not be just a cook-book how-to, but the reader should learn from it. Without knowing ( or you explaining ) what the questions are and why they are answering the way you suggest it is teaching them nothing, ( although it may help them in the sort term. )

    Now that I have alienated you completly, I am going to ask a favor: I am really curious as to the exact firewall rule set Bastill-Linux created. Do you still have it?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  5. #5
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    IKnowNot - That was exactly the kind of comment I was looking for.

    1) I was not too pleased about it either (especially as it's my first), but I thought - hey, if Irongeek can do it, so can I

    2) Good point. I have some time this weekend, so I may re-write the tutorial as text-only and post it instead of my first here, with more detail and explaining each step. I'm sorry you had trouble reading what was in the images - I hope that you will find my re-make a bit more to your liking.

    3) Aye, that's why I was stressing about the version of Bastille I was using. But you are right - and I will be doing the tutorial again as soon as I can.

    Thank you for your helpful reply - I was sceptical of posting this as my first security tutorial here, but the remake will be more informative. Sorry for wasting your time

    And I'll attach the firewall ruleset Bastille creates when I redo the tut..

    Thanks,

    -jk
    TAZForum <---- click

  6. #6
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Hardly a waste of my time
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  7. #7
    Banned
    Join Date
    Mar 2006
    Posts
    27
    Nice, but I find it kind of ironic that this is called Bastille, when in reality the Bastille was burned to the ground

  8. #8
    I have used Bastille to harden one of my machines.

    I like the interface, and the explanations, but I do have one concern...

    On a non-standard installation... It will miss things. Apache was configured through Bastille, but it completely missed my IRCd, and a few other custom things I have running.

    On the whole, it is a very good peice of software, expecially for people who are new to Linux and may not be comfortable with diving right into the various .confs.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides