On Jun 13, 2007, john lokka wrote:
> Hopefully, this will answer most of your questions
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Tuesday, June 12, 2007 9:52 PM
> To: [email protected]
> Subject: Information required about Bastille-linux
>
> 1) I need to know advantages and disadvantages of Bastille-linux
> Advantages - locks down red hat and mandrake linux platforms
>            - created via scripts (don't remember which language)
>            - easily modifiable
>            - has a verification function (compare and contrast
> between the "stored" baseline and the actual implementation)
>
> Disadvantages - none really.
>
> 2) how sound Bastille-linux is in terms of intrusion detection. Is
> there any criteria through which we can compare or measure its
> soundness.
> Bastille does not monitor for intrusion detection. Bastille is a
> lockdown (permissions, open ports) script

While it's true that the focus of Bastille is not intrusion detection,
it does have the ability to configure psad:

http://www.cipherdyne.org/psad/

This allows attacks to be detected via an iptables policy that is
configured in a default log-and-drop stance.

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
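
The log-and-drop idea in the reply above, as an added example that is not part of the original thread and is not psad's code or its scoring: packets that fall through to a final LOG and DROP rule leave kernel log lines, and a source that was dropped on many distinct ports stands out. The "DROP " log prefix, the five-port threshold, the function names and the sample lines are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample of kernel log lines, as a final rule pair such as
#   iptables -A INPUT -j LOG --log-prefix "DROP "
#   iptables -A INPUT -j DROP
# would write them. Prefix, host name and addresses are made up.
SAMPLE_LOG = """\
Jun 13 10:15:01 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=44321 DPT=21 SYN
Jun 13 10:15:01 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=44322 DPT=22 SYN
Jun 13 10:15:02 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=44323 DPT=23 SYN
Jun 13 10:15:02 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=44324 DPT=25 SYN
Jun 13 10:15:03 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=44325 DPT=80 SYN
Jun 13 10:15:03 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=44326 DPT=443 SYN
Jun 13 10:16:40 fw sshd[812]: Server listening on 0.0.0.0 port 22.
Jun 13 10:17:02 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=22 SYN
Jun 13 10:17:05 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=22 SYN
Jun 13 10:17:09 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)

def parse_line(line, prefix="DROP "):
    """Return the KEY=value fields of one logged packet, or None if not ours."""
    marker = "kernel: " + prefix
    pos = line.find(marker)
    if pos < 0:
        return None  # some other daemon's line, or a different log prefix
    fields = dict(FIELD_RE.findall(line[pos + len(marker):]))
    if "SRC" not in fields or "PROTO" not in fields:
        return None  # truncated or malformed entry
    return fields

def find_scanners(log_text, min_ports=5):
    """Map source IP -> sorted (proto, port) pairs for sources dropped on
    at least min_ports distinct destination ports."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None or not fields.get("DPT", "").isdigit():
            continue  # ICMP and similar entries carry no destination port
        seen[fields["SRC"]].add((fields["PROTO"], int(fields["DPT"])))
    return {src: sorted(p) for src, p in seen.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(src, "dropped on", len(ports), "distinct ports:", ports)
```

Repeated drops on a single port (the second source in the sample) stay below the threshold, which is why the count is over distinct ports and not over log lines.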
