Bastille is an OS hardening tool for Linux. Jay Beale gave a presentation on how to “lock down” a system using it. Bastille can analyze your current setup and give you a rating based on how secure your system is. The program asks you questions based on your configuration (“Do you want to turn off ### service?”). It explains the possible consequences of taking the suggested actions. The process can be very educational. The system is modular so you can add your own modules by writing a few lines of Perl. Bastille can also generate configurations that can be deployed across multiple machines.