[wplug] comments on Bastille

redtoade redtoade at yahoo.com
Sat May 3 15:12:54 EDT 2003


Yeah, what Donald said...

What makes Bastille so nice is that for each step it
gives you a little bit of a text write up on how and
(more importantly) why it is making changes to the out
of the box installation.  So as you walk through the
script, you learn where files are, why certain
permissions are security risks, dos and don'ts of
user management, etc. etc.  So if for nothing else,
walking through the script without even saving the
changes can be most beneficial.

On the other hand, I've known a few people that have
trouble getting the damn thing to run correctly on
RH8.  It seems as though it was aimed at Mandrake
(although there is support for Debian, HP-UX and now
Mac OS X) and a few of the libraries will need to be
installed "rpm --nodeps" on an RH8 box
(http://www.bastille-linux.org/perl-rpm-chart.html).
Which is quite bush league in my opinion!

Anyway, the NAT features are the real reason I use
it.  Closing ports and removing suid from services is
great and all... but not having to set up a single
iptables chain by hand is the best.  It's up to you of
course.  Personally I don't think the statement "Hey
baby, I can do iptables in my sleep!" is going to get
you any action down at the local pub... but if you're
the kind of person who prides themselves on such
achievements, then you won't need Bastille.
