Building Secure Servers with Linux by Michael D. Bauer

Automated Hardening with Bastille Linux

The last tool we’ll explore in this chapter is Bastille. You might be wondering why I’ve saved this powerful hardening utility for last: doesn’t it automate many of the tasks we’ve just covered? It does, but with two caveats.

First, it’s very Red Hat-centric. It simply will not run on any distribution besides those derived from Red Hat, specifically Red Hat itself, Mandrake, and Immunix (although future versions may include support for Debian, SuSE, TurboLinux, and HP/UX). Second, even if you do run a supported distribution, it’s extremely important that you use Bastille as a tool rather than a crutch. There’s no good shortcut for learning enough about how your system works to secure it.

The Bastille guys (Jay Beale and Jon Lasser) are at least as convinced of this as I am: Bastille has a remarkable focus on educating its users.

Background

Bastille Linux is a powerful set of Perl scripts, which both secures Linux systems and educates their administrators. It asks clear, specific questions about your system that allow it to create a custom security configuration. It also explains each question in detail so that by the time you’ve finished a Bastille session, you’ve learned quite a bit about Linux/Unix security. If you already understand system security and are only interested in using Bastille to save time, you can run Bastille in an “explain-less” mode that asks all the same questions but skips the explanations.

How Bastille came to be

The original ...
