I'm not sure. The solution here is to just use this on a test system first.
At 04:44 PM 4/11/2003 +0000, you wrote: >can you uninstall it just as easy and it will reverse the changes? >It would be cool to try it out, but if it's not what you are looking for, >it would be nice to know that it would reverse the changes on an uninstall. > > > >Adam J. Melancon > > >----Original Message Follows---- >From: Jason DeWitt <[EMAIL PROTECTED]> >Reply-To: [email protected] >To: [email protected] >Subject: Re: [brlug-general] A quick way to secure a Linux system >Date: Fri, 11 Apr 2003 11:14:14 -0500 > >I just ran bastille on my debian box here at work. It's still rebooting so >I'm not sure what nmap will say after that. It looks to me like Bastille >is simply a perl script that you run as a interface to modifying some hard >to find system settings. I don't think it runs as a daemon, or "on top of" >your current os. > >Brad N Bendily wrote: > >>"So we begin with a fresh install of the system with the Linux >>distribution of your choice, and in that installation process we'll >>choose the security settings for "High" or whatever the equivalent is if >>the option is available. This should enable package filtering, regulating >>what is and isn't allowed to connect to your system." >> >>This article doesn't do much to explain how to secure your system, >>it just says when you install the system choose the "High" secure >>setting. That must mean everything is secure at this point??? >>It doesn't really explain to a person what's going on and how/what they >>can do to help protect themselves. What if someone decides to >>turn off iptables or ipchains because they are not "using" it, as far >>as they know. Then the machine is wide open as far as a firewall is >>concerned. >> >>Also I can make my ports filtered by using my own iptables why do I need >>bastille linux running on top of everything. >>Has anyone ever used Bastille Linux? >> >>The article says Bastille should explain what it's doing along >>the way. I wonder if it shows each iptables command and the different >>options for each? >> >>I'll have to install Bastille somewhere and see what it will do. >> >>Seems like if you are installing Bastille then you wouldn't need >>to install "High" security when installing in the beginning? >> >>Then what happens when a user what's to connect his linux box via >>samba to his windows machine, will he know what to turn off in >>Bastille? >> >> >>Buck, It looks like Bastille is just a package that you can install >>and it will run on top of your current OS. But it will probably render >>the OS useless if you tighten the security as far as it >>will go. For a server that's only running FTP then sure why not >>lock it down, but how many people have a server that's ONLY running >>ftp? >> >>The article does provoke good discussions, but doesn't seem to explain >>much about Linux securty. >> >> > > > >_______________________________________________ >General mailing list >[email protected] >http://brlug.net/mailman/listinfo/general_brlug.net > > >_________________________________________________________________ >Add photos to your e-mail with MSN 8. Get 2 months FREE*. >http://join.msn.com/?page=features/featuredemail > > >_______________________________________________ >General mailing list >[email protected] >http://brlug.net/mailman/listinfo/general_brlug.net --- Dustin Puryear <[EMAIL PROTECTED]> Puryear Information Technology Windows, UNIX, and IT Consulting http://www.puryear-it.com
