Bastille does explain to some extent what is going on. Even better, it will dump out a log of exactly what it did when everything is finished.
At 10:54 AM 4/11/2003 -0500, you wrote: >"So we begin with a fresh install of the system with the Linux >distribution >of your choice, and in that installation process we'll choose the security >settings for "High" or whatever the equivalent is if the option is >available. This should enable package filtering, regulating what is and >isn't allowed to connect to your system." > >This article doesn't do much to explain how to secure your system, >it just says when you install the system choose the "High" secure >setting. That must mean everything is secure at this point??? >It doesn't really explain to a person what's going on and how/what they >can do to help protect themselves. What if someone decides to >turn off iptables or ipchains because they are not "using" it, as far >as they know. Then the machine is wide open as far as a firewall >is concerned. > >Also I can make my ports filtered by using my own iptables >why do I need bastille linux running on top of everything. >Has anyone ever used Bastille Linux? > >The article says Bastille should explain what it's doing along >the way. I wonder if it shows each iptables command and the >different options for each? > >I'll have to install Bastille somewhere and see what it will do. > >Seems like if you are installing Bastille then you wouldn't need >to install "High" security when installing in the beginning? > >Then what happens when a user what's to connect his linux box via >samba to his windows machine, will he know what to turn off in >Bastille? > > >Buck, It looks like Bastille is just a package that you can install >and it will run on top of your current OS. But it will probably >render the OS useless if you tighten the security as far as it >will go. For a server that's only running FTP then sure why not >lock it down, but how many people have a server that's ONLY running >ftp? > >The article does provoke good discussions, but doesn't seem to >explain much about Linux securty. > >-- >Brad Bendily - CNA > > > >_______________________________________________ >General mailing list >[email protected] >http://brlug.net/mailman/listinfo/general_brlug.net --- Dustin Puryear <[EMAIL PROTECTED]> Puryear Information Technology Windows, UNIX, and IT Consulting http://www.puryear-it.com
