linux poison RSS
linux poison Email

Hardening Ubuntu Linux using Bastille Linux

The Bastille Hardening program "locks down" an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise. Bastille can also assess a system's current state of hardening, granular reporting on each of the security settings with which it works.

Bastille currently supports the Red Hat (Fedora Core, Enterprise, and Numbered/Classic), SUSE, Debian, Gentoo, and Mandrake distributions, along with HP-UX. Bastille's focuses on letting the system's user/administrator choose exactly how to harden the operating system. In its default hardening mode, it interactively asks the user questions, explains the topics of those questions, and builds a policy based on the user's answers. It then applies the policy to the system. In its assessment mode, it builds a report intended to teach the user about available security settings as well as inform the user as to which settings have been tightened.

Installing Bastille Linux:
Open the terminal and type the following command to install Bastille Linux and it;s dependencies:
sudo apt-get install bastille
sudo apt-get install perl-tk
The Bastille includes a user interface and a configuration engine. The primary user interface is an X interface via Perl/Tk.

Using Bastille Linux:
Open the terminal and type the following command to start Bastille Linux Perl/Tk graphical interface:
sudo bastille
When  used  interactively  (bastille, bastille -x, or bastille -c), the user interface guides the user through a  series  of  questions.   Each step  contains  a  description  of  a  security  decision  involved  in hardening an Unix system.  Each question describes the cost/benefit  of each  decision.   The Tk interface gives the user the option to skip to another question module and return to the current module later.  The  X interface  provides  "Completed  Indicators"  to  show  the  user which question modules are complete.  After the user has answered all of  the questions,  the interface then provides automated support in performing lock down steps.   After  performing  the  steps  Bastille  can  perform automatically,  the  utility  produces  a  "to  do" list that describes remaining actions the user must perform manually to ensure their system is  secure.

Reverting Bastille Linux Changes
If you decide that you would like to undo all of the changes made to your Ubuntu system by Bastille Linux, you may use the RevertBastille command to undo all changes made by the Bastille Linux tool. For example, open a Terminal application, and type the following command at the prompt to revert (undo) the changes made by Bastille Linux:
sudo RevertBastille
After the RevertBastille tool finishes executing, the system will be configured as it was prior to hardening with Bastille Linux.


Post a Comment

Related Posts with Thumbnails