I tried Bastille from SLES8 some time ago, and it didn't work. I opened a problem with SUSE, and here's the response I got:
> As part of our evaluation of SLES8 as an internet-facing platform, I attempted > to run the RPM-provided "bastille" against our standard-build server. > [..] Unfortunately, we do not support Bastille for several reasons. The main one is, that it is trying to enforce its own permission settings to several components beyond our control. We simply do not know for sure what it is doing. However, SuSE Linux has its own permission control scheme which can be configured through /etc/sysconfig/security with different sets of parameters in /etc/permission* /etc/permission.d/* (the reference to "rc.config" should be "/etc/sysconfig/security" in the comments) You can set the permissions by running "SuSEconfig" or "chkstat -set ..." > Executing File Permissions Specific Configuration > Bareword "chkstat" not allowed while "strict subs" in use at > /usr/lib/Bastille/FilePermissions.pm line 306. Personally, I wouldn't trust a security checking program that does not even declare its functions properly... On the other hand, they are running it in strict mode at least. YMMV, though. > -----Original Message----- > From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of > Kern, Thomas > Sent: Thursday, April 15, 2004 2:26 PM > To: [EMAIL PROTECTED] > Subject: [LINUX-390] Bastille ? > > > Our linux/86 people have added Bastille to their security > plan and I need to > look at it for Linux/390. > > Has anyone installed the latest Bastille on their Linux/390? > Does anyone have a source RPM for it? > > /Thomas Kern > /301-903-2211 > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: INFO > LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ============================================================================== If you are not an intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it. Click here for important additional terms relating to this e-mail. <http://www.ml.com/email_terms/> ============================================================================== ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
