Re: How to Bastille a Debian System?

To: debian-user@lists.debian.org
Subject: Re: How to Bastille a Debian System?
From: John Patton <patton66@home.com>
Date: Thu, 16 Aug 2001 20:19:06 -0500
Message-id: <[🔎] 20010816201906.A28564@debian>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20010816153627.WRAR9852.mta11.onebox.com@onebox.com>
References: <[🔎] 20010816153627.WRAR9852.mta11.onebox.com@onebox.com>

Another thing that you can do that Bastille does is
install the libsafe package to protect yourself from
buffer overflows and the like. That is pretty painless...
although it did cause some really bizare errors when I
tried to compile mozilla. You should also install iptables
with a default policy of denying everything that you don't
specifically want in. You will also need tripwire and some
sort of logchecking utility. Finally, subscribe the the
debian security announce mailing lists and stay on top of
the security updates. Between this and task-harden, you
should have a pretty good approximation of what bastille
linux does... although you would still do well to learn as
much as you can about security and to apply that to your
system.

If you're serious about hardening your system and are
willing to spend some time on it, you can also install LIDS
(or something similar), which impliments mandatory access
controls. Properly configured it would make it impossible
for someone to install a rootkit, for example, or for
anyone to read your shadow password file... even with root
access. This isn't a simple install however: It will take
work to configure your system so that it is both secure AND
functioning.

On Thu, Aug 16, 2001 at 10:36:26AM -0500, Lance Peterson wrote:
> Since the Bastille project only supports RedHat and Mandrake (so says
> their web site), how would I go about hardening my Debian System in the
> same way that Bastille does for the other distros?
> 
> Maybe if I knew what got hardened, I could harden it myself (now get
> your minds out of the gutter here - I know that sounds bad!!)
> 
> Lance Peterson
> 
> __________________________________________________
> FREE voicemail, email, and fax...all in one place.
> Sign Up Now! http://www.onebox.com
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
John Patton                      patton66@home.com

"It is love, not reason, that is stronger than death."
- Thomas Mann, The Magic Mountain.

Reply to:

References:
- How to Bastille a Debian System?
  - From: "Lance Peterson" <dlancep@onebox.com>

Prev by Date: Re: woody or sid
Next by Date: Gtk font-encoding bug (was Re: dot-square font in E after dist-upgrade)
Previous by thread: Re: How to Bastille a Debian System?
Next by thread: Need Motherboard input for evaluation with Debian Woody
Index(es):
- Date
- Thread