Bastille is an OS hardening tool for Linux. Jay Beale gave a presentation on how to “lock down” a system using it. Bastille can analyze your current setup and give you a rating based on how secure your system is. The program asks you questions based on your configuration (“Do you want to turn off ### service?”). It explains the possible consequences of taking the suggested actions. The process can be very educational. The system is modular so you can add your own modules by writing a few lines of Perl. Bastille can also generate configurations that can be deployed across multiple machines.
3 thoughts on “TC7 Day 1 – Bastille Hardening Assessment Tool”
Nice concept, but the program apparently doesn’t work on any distros of Linux other than the ones listed, not even from source. For instance, Slackware, which I use. It’s sad when even the source limits you to the exact same as the available precompiled packages.
Jay Beale’s presentation, I assume, is the same at TC as it was at DefCon, or at least close, and it was a great presentation.
And the reason Bastille has to be maintained for individual distros, even from source, is because most distros use customized kernels and packages, like an Ubuntu .deb package is different than the same program’s Debian .deb version. And the programs install to different locations, so Bastille would have a hard time finding everything. What you could do is download Bastille, look through the files to see what exactly it does, and do the same things by hand, just modified to fit Slackware.
My boss paid nearly $300 to send me to a conference with this guy… I was rather disappointed. For some reason I thought that it would perhaps be more in depth. Not Jay’s fault, but I would recommend everyone not to pay to sit in on a LinuxWorld conference, not worth it.