linux poison RSS
linux poison Email

Bastille Linux - Installation and configuration

Installing Bastille is easy, since many distributions come with Bastille available as a package, like Debian, Gentoo and Red Hat Fedora. You can also download Bastille in the form of an RPM or as a source file. There are some pre-requisites you will need if you want to run Bastille in Hardening mode (you can run Bastille in Assessment mode without these). These are:

    * perl-Tk and perl-Curses,

    * perl-Tk for Bastille in GUI mode

    * and perl-Curses for the command-line mode.

You can find these pre-requisites in RPM form, or you can install them via CPAN.

After these pre-requisites are installed, you can install Bastille, for example via RPM as:

# rpm -ivh Bastille-3.0.9-1.0.noarch.rpm

Bastille is then executed by running the bastille binary. Run the command with the -x option for GUI Hardening mode, with the -c option for command-line Hardening mode. If you just want to run Bastille in Assessment mode, then run the bastille binary with the –assess option. This will assess the host and then try to launch a browser to display the resulting report. If you do not wish to display the report, you can run Bastille with the –assessnobrowser option, which just generates the report and does not launch a browser. If you wish to revert an already hardened host you can use the -r option like so:

# bastille -r

Bastille can be a powerful tool, particularly for ensuring a consistent security baseline on your Linux hosts. It doesn’t guarantee that your host is secured against all threats, but it does take care of a lot of configuration weaknesses and security configuration that can be time-consuming and complicated. Bastille’s model also means that you can apply the same controls on a number of hosts in a consistent and structured manner. The broad platform and distribution coverage available in the application also means that you can easily harden a variety of hosts without having to worry about differing configuration standards, file locations and default settings. Finally, any tool that helps you with the process of hardening and securing your hosts with the minimum of effort, especially when IT and security resources are sometimes stretched thin, is well worth investing in time to understand and implement.


Unknown said...

Bastille error:could not write to /etc/Bastille/config

Post a Comment

Related Posts with Thumbnails