Another thing that you can do that Bastille does is install the libsafe package to protect yourself from buffer overflows and the like. That is pretty painless... although it did cause some really bizare errors when I tried to compile mozilla. You should also install iptables with a default policy of denying everything that you don't specifically want in. You will also need tripwire and some sort of logchecking utility. Finally, subscribe the the debian security announce mailing lists and stay on top of the security updates. Between this and task-harden, you should have a pretty good approximation of what bastille linux does... although you would still do well to learn as much as you can about security and to apply that to your system.
If you're serious about hardening your system and are willing to spend some time on it, you can also install LIDS (or something similar), which impliments mandatory access controls. Properly configured it would make it impossible for someone to install a rootkit, for example, or for anyone to read your shadow password file... even with root access. This isn't a simple install however: It will take work to configure your system so that it is both secure AND functioning. On Thu, Aug 16, 2001 at 10:36:26AM -0500, Lance Peterson wrote: > Since the Bastille project only supports RedHat and Mandrake (so says > their web site), how would I go about hardening my Debian System in the > same way that Bastille does for the other distros? > > Maybe if I knew what got hardened, I could harden it myself (now get > your minds out of the gutter here - I know that sounds bad!!) > > Lance Peterson > > __________________________________________________ > FREE voicemail, email, and fax...all in one place. > Sign Up Now! http://www.onebox.com > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] "It is love, not reason, that is stronger than death." - Thomas Mann, The Magic Mountain.
