similar to: Your experience with os hardening tool - Bastille?

Has anyone got Bastille-linux running on Centos-5.6? http://bastille-linux.sourceforge.net claims RHEL5 support but I ran into problems running it on a Centos 5.6 test system. First I had to "ln -s /usr/lib64/Bastille /usr/lib" just to get it to run at all. Then I tried faking /etc/redhat-release with Red Hat Enterprise Linux Server release 5.6 ... but I get this (why would it want

Hi Guys, I would like advice for best practices to secure my linux boxes. Know if I have been hacked, know of security breaches, etc. Can anyone provide advice? -Jason

Has anyone also run Bastille on the Asterisk pbx? Here's the link: http://www.bastille-linux.org/ It's a Linux hardening add-on. I was wondering if it'd mess up my Asterisk installation if I also installed Bastille, if it was a good idea to install it and work through the problems that may arise - or if it's not necessary. Makarios Communications, LLC Network Monitoring,

Hi, Is there any automated tool like Bastille Linux for freebsd to harden the system security? Thanks jerry _________________________________________________________________ Send a funky MSN Messenger Christmas card http://www.msn.co.uk/christmascard

Hi, My boss asked me to harden a CentOS box by removing "hacker" tools, such as nmap, tcpdump, nc (netcat), telnet, etc. I would like to know which list of packages would you remove from a base install. I would appreciate if someone could point me to a "standard" way of doing this. I know there are procedures for hardening a machine (I remember reading about Bastille Linux)

SELinux? On 22 April 2015 at 09:11, John R Pierce <pierce at hogranch.com> wrote: > On 4/21/2015 11:34 PM, Eero Volotinen wrote: > >> apply also ideas from this document: >> https://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.130 >> > > that should be your baseline. I suspect you'll find all the things you > mentioned are discussed in

apply also ideas from this document: https://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.130 -- Eero 2015-04-22 9:30 GMT+03:00 Tim <lists at kiuni.de>: > I am very interested. > > One of my suggestions: > > Firewall: > Network based firewall zone assignment (possibly disabling interface based > assignment) > > Regards > Tim > > Am 22.

I think, this SIG would/should care about hardening CentOS itself as a system not a complete environment (proxies, firewalls, etc.) The examples of the opener show this. Something else could be integrity checking possibly. I imagine a tool/script that could apply hardening stuff. Regards Tim Am 22. April 2015 09:23:52 MESZ, schrieb Eero Volotinen <eero.volotinen at iki.fi>: >Sounds

I have a client project to implement PCI/DSS compliance. The PCI/DSS auditor has stipulated that the web server, application middleware (tomcat), the db server have to be on different systems. In addition the auditor has also stipulated that there be a NTP server, a "patch" server, The Host OS on all of the above nodes will be CentOS 6.2. Below is a list of things that would be

I'm finally biting the bullet, and replacing the 12-yr-old box that's been my firewall/router with an appliance. First, does anyone have any idea whether the WRT160 nl can use tomato? Second, is there any way, or any reason, I could/would want to run bastille against the firmware? mark

I?m looking to configure a centos 7 server to lock out anaccount after 3 login failures. I?ve followed this ? https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls ? Section2.1.9.5 Account Locking ? And even rebooted the serverbut it

Hi all, I have just started using shorewall. So far so good. I have two questions which I cant find an answer to either on the website or googling. They may be stupid so please forgive my ignorance. 1) What is shorewalls preferred operating status, running or stopped? What I mean is, some firewalls start-up and run, and they do their thing, then they stop. But the firewall is still really

Hi Folks! I''m new to shorewall (in the process of switching from Bastille), and I have a question as to how to address using Bluetooth enabled Palms with a BT dongle on a linux box protected by shorewall. Basically I followed the directions located at http://www.metacon.ca/bcs/view.php?page=bluetooth to get things working strictly with iptables, specifically: echo

Hello, Has anyone tried out the security scoring tool at http://www.cisecurity.org/bench_freebsd.html? Any thoughts or opinions? Regards, stheg __________________________________ Do you Yahoo!? Yahoo! Mail - 250MB free storage. Do more. Manage less. http://info.mail.yahoo.com/mail_250

Who would / Who wouldnt need to run SELinux? I have linux server at home. Would I need to run SELinux? What are the advantages of SELinux? What is the average home user doing?

Hi All, I was searching around but was not able to find out. We all know that packet traverses through the Net Filter hooks but how to practically realize that. Please guide Regards Clove

Hi, I'm new to the list, so "hello everybody" ... I have a (big) problem wih my new PDC under samba with ldap auth. When I start a new session, samba launch multiple instances of smbd for this new user in 5-10 minutes ... The system is very slow on the client and finish to crash and need to close the session. But, when I close the session, the smbd processes aren't

Overview ======== This module implements the Center for Internet Security (CIS) Security Configuration Benchmark for Red Hat Enterprise Linux 6 v.1.1.0 (avilable at http://benchmarks.cisecurity.org). Each scored control has been implemented as a class or a custom fact. Installation ============ Please either: - Clone git repo from https://github.com/arildjensen/cis-puppet - Run "puppet

Dear All, About a week ago; I posted a proposal over on the centos-devel mailing list, the proposal is for a SIG 'CentOS hardening', there were a few of the members of the community who are also interested in this. Therefore, I am extending that email to this community; where there is a larger community. Some things that we will like to achieve are as follows: SSH: disable root

On Mon, February 9, 2015 3:14 pm, PatrickD Garvey wrote: > On Mon, Feb 9, 2015 at 11:12 AM, John R Pierce <pierce at hogranch.com> wrote: >> On 2/9/2015 11:06 AM, Always Learning wrote: >>> The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the PDF >>> shows every page appears to be readable. 11 pages devoted to BASH. Information on other interesting