RafaĆ Radecki
2014-Oct-18 16:45 UTC
[CentOS] Your experience with os hardening tool - Bastille?
Hi All:) I would like to start using a tool for automating of os hardening. I found some informations about Bastille. One things which attracted my attention is that in http://bastille-linux.sourceforge.net/news_updates.htm the last post is from January 29th, 2012 :D Is the tool ready to use at the moment with CentOS 6/7? Are there any alternatives which you can recommend? Thanks for all info :) BR, Rafal.
James Hogarth
2014-Oct-18 18:21 UTC
[CentOS] Your experience with os hardening tool - Bastille?
On 18 October 2014 17:45, Rafa? Radecki <radecki.rafal at gmail.com> wrote:> Hi All:) > > I would like to start using a tool for automating of os hardening. I found > some informations about Bastille. One things which attracted my attention > is that in http://bastille-linux.sourceforge.net/news_updates.htm the last > post is from January 29th, 2012 :D >Why would you be excited by a message saying "we're starting back up" from 3 years ago with no further information ... To my knowledge this is completely dead and out of scope for C6/C7 security.> > Is the tool ready to use at the moment with CentOS 6/7? Are there any > alternatives which you can recommend? > >It's a dead project - forget it. If you want to think about security you should be looking at the RHEL security guides to start with: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Security_Guide/index.html https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Security_Guide/index.html After reading through the upstream documentation you may want to read some external sources such as the CIS guidelines: http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.120 http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel7.100 Always keep in mind though security is a process - there's not a magic script that makes a system secure but rather a properly layered system of protection and review. Don't go into securing an OS thinking there you can run one application/script and check the box marked secure as a result. Apply critical thinking to each setting, set up your firewall properly, don't disable selinux and monitor properly (along with backups) as your keystones to work from.