Re: How to Bastille a Debian System?
Another thing that you can do that Bastille does is
install the libsafe package to protect yourself from
buffer overflows and the like. That is pretty painless...
although it did cause some really bizare errors when I
tried to compile mozilla. You should also install iptables
with a default policy of denying everything that you don't
specifically want in. You will also need tripwire and some
sort of logchecking utility. Finally, subscribe the the
debian security announce mailing lists and stay on top of
the security updates. Between this and task-harden, you
should have a pretty good approximation of what bastille
linux does... although you would still do well to learn as
much as you can about security and to apply that to your
If you're serious about hardening your system and are
willing to spend some time on it, you can also install LIDS
(or something similar), which impliments mandatory access
controls. Properly configured it would make it impossible
for someone to install a rootkit, for example, or for
anyone to read your shadow password file... even with root
access. This isn't a simple install however: It will take
work to configure your system so that it is both secure AND
On Thu, Aug 16, 2001 at 10:36:26AM -0500, Lance Peterson wrote:
> Since the Bastille project only supports RedHat and Mandrake (so says
> their web site), how would I go about hardening my Debian System in the
> same way that Bastille does for the other distros?
> Maybe if I knew what got hardened, I could harden it myself (now get
> your minds out of the gutter here - I know that sounds bad!!)
> Lance Peterson
> FREE voicemail, email, and fax...all in one place.
> Sign Up Now! http://www.onebox.com
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com
John Patton firstname.lastname@example.org
"It is love, not reason, that is stronger than death."
- Thomas Mann, The Magic Mountain.