search for: bastille

Has anyone got Bastille-linux running on Centos-5.6? http://bastille-linux.sourceforge.net claims RHEL5 support but I ran into problems running it on a Centos 5.6 test system. First I had to "ln -s /usr/lib64/Bastille /usr/lib" just to get it to run at all. Then I tried faking /etc/redhat-release with Red Hat...

Hi All:) I would like to start using a tool for automating of os hardening. I found some informations about Bastille. One things which attracted my attention is that in http://bastille-linux.sourceforge.net/news_updates.htm the last post is from January 29th, 2012 :D Is the tool ready to use at the moment with CentOS 6/7? Are there any alternatives which you can recommend? Thanks for all info :) BR, Rafal.

Has anyone also run Bastille on the Asterisk pbx? Here's the link: http://www.bastille-linux.org/ It's a Linux hardening add-on. I was wondering if it'd mess up my Asterisk installation if I also installed Bastille, if it was a good idea to install it and work through the problems that may arise - or if it'...

Who would / Who wouldnt need to run SELinux? I have linux server at home. Would I need to run SELinux? What are the advantages of SELinux? What is the average home user doing?

...the above nodes will be CentOS 6.2. Below is a list of things that would be necessary. 1. Digital Certificates for each host on the PCI/DSS segment 2. SELinux on each Linux host in the PCI/DSS network segment 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment 4. OS hardening scripts (e.g. Bastille Linux) 5. Firewall 6. IDS (Snort) 6. Central ?syslog? server However, beyond this I would appreciate any comments/feedback / suggestion if you or your organization has undergone a PCI/DSS audit and what are the gotchas that you encountered, especially with respect to CentOS/ open source stack. I...

...such as nmap, tcpdump, nc (netcat), telnet, etc. I would like to know which list of packages would you remove from a base install. I would appreciate if someone could point me to a "standard" way of doing this. I know there are procedures for hardening a machine (I remember reading about Bastille Linux) but I don't know how effective they are and if they include the removal of such tools in their procedures. Any advice would be very appreciated! Thanks, Filipe

I'm finally biting the bullet, and replacing the 12-yr-old box that's been my firewall/router with an appliance. First, does anyone have any idea whether the WRT160 nl can use tomato? Second, is there any way, or any reason, I could/would want to run bastille against the firmware? mark

Hi, Is there any automated tool like Bastille Linux for freebsd to harden the system security? Thanks jerry _________________________________________________________________ Send a funky MSN Messenger Christmas card http://www.msn.co.uk/christmascard

...ccueil 1801 0.1 0.0 79916 3372 ? S 19:44 0:00 /usr/ sbin/smbd -D root 1811 0.0 0.0 7236 844 pts/0 S+ 19:45 0:00 grep accueil -- %< ----------------------------------------------------------------------------- My smb.conf : [global] workgroup = BASTILLE netbiosname = ZEUS server string = Active Directory Server - Samba log level = 3 null passwords = yes domain logons = yes domain master = yes wins support = yes time server = yes enable privileges = yes deadti...

...ve read about the routestopped file and changed it accordingly. So I should be able to see out if shorewall is stopped, right? Or, is shorewall supposed to be running constantly and the routestopped is there as a contingency just in case a problem happens? Mdk 8.x''s used tiny firewall and bastille which ran once then stopped (I think). 2)How can I stay blocked? When I scan my ports (esp. thru http://scan.sygate.com ) sometimes most of my ports are blocked (stealthed). Then if I check back an hour later, most are closed not blocked. Something seems to be happening, like the rules are not bei...

Hi Folks! I''m new to shorewall (in the process of switching from Bastille), and I have a question as to how to address using Bluetooth enabled Palms with a BT dongle on a linux box protected by shorewall. Basically I followed the directions located at http://www.metacon.ca/bcs/view.php?page=bluetooth to get things working strictly with iptables, specifically: echo ...

Hi Guys, I would like advice for best practices to secure my linux boxes. Know if I have been hacked, know of security breaches, etc. Can anyone provide advice? -Jason

Greetings, I have spent over a month of my evenings working on this. I am indeed a Samba newbie. Version of Linux: Red Hat 7.2 with latest RPM's from RedHat ftp site on a minimal custom Red Hat install with bastille_linux installed. (tmp defense removed as it was interfering with samba using the tmp directory) I have tried this with bastille stopped and running with no change) Samba RPM version 2.2.5. (what have I missed so far?) A link to my log files running in Debug Level 10 is here: http://www.tex-sup...

...nfig file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not made any basic syntactic errors. # #======================= Global Settings ===================================== [global] netbios name = BASTILLE workgroup = SCH-FARMVILLE passdb backend = "ldapsam:ldap://localhost" ldap admin dn = "cn=Manager,dc=sch-farmville,dc=ORG" ldap delete dn = no ldap passwd sync = yes ldap user suffix = ou=People ldap group suffix = ou=Groups ldap machine suffix = ou=Compu...

...mily => HP-UX path => /usr/sbin:/usr/bin:/usr/ccs/bin:/usr/contrib/bin:/usr/contrib/Q4/bin:/opt/perl/bin:/opt/gvsd/bin:/opt/ipf/bin:/opt/nettladm/bin:/opt/fcms/bin:/opt/wbem/bin:/opt/wbem/sbin:/opt/sas/bin:/opt/graphics/common/bin:/opt/atok/bin:/usr/bin/X11:/usr/contrib/bin/X11:/opt/sec_mgmt/bastille/bin:/opt/caliper/bin:/opt/drd/bin:/opt/dsau/bin:/opt/dsau/sbin:/opt/resmon/bin:/opt/firefox:/opt/gnome/bin:/opt/perf/bin:/opt/propplus/bin:/usr/contrib/kwdb/bin:/opt/perl_32/bin:/opt/prm/bin:/opt/sfm/bin:/opt/swm/bin:/opt/sec_mgmt/spc/bin:/opt/ssh/bin:/opt/swa/bin:/opt/hpsmh/bin:/opt/thunderbird:/o...

Hi I have samba installed & running successfully on a Solaris 8 server. directory shares were working as expected until the machine was put on a DMZ, and now it's stopped working. I can ping from my PC to the server, and telnet, but samba seems to have no route through the firewall - possibly the firewall needs to have different ports opened up to allow samba traffic through? I need to

Dear all, i Just finished setting up an apache service on a centos 5.2 VM machine. i need to secure this machine as i'm soon to be setting a public IP over it where i'd be opening up the following services: 1. http 2. https 3. ssh Things i've done so far: 1. stopped root ssh access in sshd.conf 2. tried configuring PAM so i get a more secure ssh passwords (dictionary wise) as

I had to install 5.5 from scratch and now I have to rebuild my home networking system. I haven't had to mess with this stuff in over 5+ years and I'm sure there may be better ways of doing it now. My liunx box acts as firewall/gateway for 2 other pcs. I was using a script from the Linux IP Masquerade HOWTO with ddclient (since I have a dynamic ip). Also, I don't think I need a full

Hello everybody, I'm a newbie in this list, so I don't know if it's the appropriate place for my question. Anyway, I'd be happy to find out the solution. Please, has anyone simple answer for: I'm looking for an exact list of files, which: 1. MUST have... 2. HAVE FROM BSD INSTALLATION... 3. DO NOT NEED... 4. NEVER MAY... ...the suid-bit set. Of course, it's no problem to

WE have a centos 5.3 install, and our server is keep getting hacked. We see load averages of 500+ and see people from all over the world logging into our server (used last). Is there a good place to start to avoid these kinds of things? For example, here is what I already did. Open up sshd port only setup iptables to only accept port 80 and 22 No FTP No other ports are allowed according to IP