[wplug] comments on Bastille
Vanco, Donald
VANCOD at PIOS.com
Wed Apr 30 11:37:04 EDT 2003
Bill wrote:
> Is anyone using Bastille to harden their boxes?
>
> I do all the hardening on our boxes by hand at this point, and am just
> curious if Bastille is worth playing with?
Certainly only my opinion here, but circa RH 6.2 there was much
merit in Bastille. Current distros are, for the most part, put together
smarter and much more well managed to the point that Bastille for the
average joe is like swatting flies with a Howitzer. Certainly there's much
to be said for the learning experience of /reading/ what Bastille does - but
if you're already locking boxes down you likely know it already.
When it comes to security there's no substitute for well defined
(enterprise wide), policy - and Bastille (or at least it's ideals) can be a
part of a balanced breakfast in that respect.
> I mean is this a tool that I could use to automate my hardening
> procedures?
I can do any of this in kickstart for/with Red Hat (in %post)
YMMV
Don
More information about the wplug
mailing list