
Re: Bastille-Linux and Debian



On Thu, Nov 02, 2000 at 09:26:27AM +0100, m_g_m@gmx.net wrote:
> I'd like to know if Bastille-Linux (which was intended for Red Hat
> 6.x-Systems) works fine on Debian, too, if anyone has experiences with it already
> and / or if there's an equivalent for Debian as well.
> What do you think/know?
> greetings,
> Michael

it would likely screw up your debian system.  i believe the consensus
is that you really don't need bastille on debian.  one of the main
things (last time i checked) that bastille does is remove stupid suid
bits (*cough* /sbin/dump) and do some silly permissions changes, like
changing /usr/sbin/adduser from 0755 to 0700, which is pointless since
anyone can download adduser from debian mirrors, and it only spews
errors when run as a normal user anyway.   Debian is already VERY
conservative about suid bits, there are not really many you would
bother removing except on extremely hardened systems (say a firewall) 

other than that remove nfs-kernel-server, nfs-common, telnetd packages
and comment out anything you are not using in /etc/inetd.conf and run
/etc/init.d/inetd reload.  

also disable portmapper, which is the only real daemon that is a pain
to get rid of on debian (no longer so on woody, yay!)  simplest option
is rm /etc/rcS.d/S41portmap.  which works pretty well (you do have to
rekill portmap on netbase upgrades but that does not happen too often) 

also add:

## security updates
deb http://security.debian.org/debian-security/ potato/updates main contrib
deb http://security.debian.org/debian-non-US/ potato/non-US main contrib
deb-src http://security.debian.org/debian-security/ potato/updates main contrib
deb-src http://security.debian.org/debian-non-US/ potato/non-US main contrib

to your /etc/apt/sources.list and run apt-get update && apt-get dist-upgrade 
to get all the current security updates.  add non-free to those lists
if you have non-free in your other apt lines. 

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
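
Added example, not part of the original message: read-only shell checks for the steps described above (entries still active in inetd.conf, a leftover portmap boot link, remaining setuid files). The function names and the sample tree are constructed for illustration; on a real host point the functions at /etc/inetd.conf, /etc/rcS.d and /.

```shell
#!/bin/sh
# Added example: read-only checks for the hardening steps in the message above.
# Every path is a parameter, so the checks can run against a copy of the files.

# Print "service<TAB>server" for each entry still active in an inetd.conf.
# Commented-out lines, including update-inetd's "#<off>#" form, are skipped.
inetd_enabled() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "\t" $6 }' "$1"
}

# Print boot links that would still start portmap (S41portmap in the message).
portmap_links() {
    for link in "$1"/S[0-9][0-9]portmap; do
        if [ -e "$link" ] || [ -L "$link" ]; then echo "$link"; fi
    done
}

# Print regular files under a directory that carry the setuid bit.
suid_files() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null || true
}

# Build a constructed sample tree (not taken from a real system) under $1.
make_sample() {
    mkdir -p "$1/etc/rcS.d" "$1/sbin"
    cat > "$1/etc/inetd.conf" <<'EOF'
# constructed sample inetd.conf
#<off># telnet stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
#time   stream tcp nowait root internal
ftp     stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
ident   stream tcp wait   identd /usr/sbin/identd identd
EOF
    : > "$1/etc/rcS.d/S41portmap"
    : > "$1/sbin/dump" && chmod 4755 "$1/sbin/dump"
    : > "$1/sbin/adduser" && chmod 0755 "$1/sbin/adduser"
}

# Demo: audit the constructed sample tree when invoked with --demo.
if [ "${1:-}" = "--demo" ]; then
    root=$(mktemp -d) && make_sample "$root"
    echo "active inetd services:"; inetd_enabled "$root/etc/inetd.conf"
    echo "portmap boot links:";    portmap_links "$root/etc/rcS.d"
    echo "setuid files:";          suid_files "$root"
    rm -rf "$root"
fi
```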
