"So we begin with a fresh install of the system with the Linux distribution of your choice, and in that installation process we'll choose the security settings for "High" or whatever the equivalent is if the option is available. This should enable package filtering, regulating what is and isn't allowed to connect to your system."
This article doesn't do much to explain how to secure your system, it just says when you install the system choose the "High" secure setting. That must mean everything is secure at this point??? It doesn't really explain to a person what's going on and how/what they can do to help protect themselves. What if someone decides to turn off iptables or ipchains because they are not "using" it, as far as they know. Then the machine is wide open as far as a firewall is concerned. Also I can make my ports filtered by using my own iptables why do I need bastille linux running on top of everything. Has anyone ever used Bastille Linux? The article says Bastille should explain what it's doing along the way. I wonder if it shows each iptables command and the different options for each? I'll have to install Bastille somewhere and see what it will do. Seems like if you are installing Bastille then you wouldn't need to install "High" security when installing in the beginning? Then what happens when a user what's to connect his linux box via samba to his windows machine, will he know what to turn off in Bastille? Buck, It looks like Bastille is just a package that you can install and it will run on top of your current OS. But it will probably render the OS useless if you tighten the security as far as it will go. For a server that's only running FTP then sure why not lock it down, but how many people have a server that's ONLY running ftp? The article does provoke good discussions, but doesn't seem to explain much about Linux securty. -- Brad Bendily - CNA
