You are in: Articles / Operating Systems / Hardening Linux with Bastille UNIX
 
 
 

Hardening Linux with Bastille UNIX

(Kevin Beaver, CISSP) Even with the common vulnerabilities I've talked about in the past, Linux is a solid operating system (OS) that stands up well to security tests. This doesn't mean, however, that you should let your guard down. Over time, configuration tweaks, third-party software and human intervention tend to change the security posture of once-secure Linux systems. This will inevitably lead, at best, to dings noted on vulnerability-assessment or audit reports.

But there is a way to establish a solid Linux security foundation and set your business up for future success, and that is hardening your Linux systems using Bastille UNIX, an open source project led by Jay Beale.

Formerly named Bastille Linux, the graphical user interface (GUI)-based Bastille UNIX steps you through the OS-hardening process for Debian, Gentoo, Mandriva, Red Hat and SUSE Linux distributions, as well as HP-UX and Mac OS X. Its intuitive question-and-answer approach allows you to lock your system down without having to worry about fat-fingering or configuring something incorrectly along the way. Bastille is not just a hardening program -- it's also a great learning aid, something that could be used to teach classes.

Bastille UNIX is an easy download and even easier to run. There are several system hardening categories you can choose from, including patches, file permissions, account security, domain name systems and more. As shown in Figure 1, Bastille prompts users with specific questions and offers detailed explanations to ensure that the effects of each action will be understood.

 
 
|
|
Rating: 12345
 
Leave a comment



Note: all fields marked with (*) are required
Comments (0)
 
Close send to email window
 



Verification code

Already a member?
Blacklist monitoring alerts
sign up Signup for our real-time monitoring service and receive email notifications each time one of your IPs gets blacklisted.
Free Signup
Mail Server Operating System Poll
.01

What OS do you use for your email server?
Linux
Windows
Other
disabled next
.02

How many mailboxes do you currently manage?
1-50
51-300
300+
previous next
.03

Would you like to comment upon the choosing of this particular OS?

previous
 
DNS Tools
Get IP status, owner and location, obtain its corresponding hostname or check specific ports.
Ping Statistics
Reverse DNS Lookup
Whois Info (IP owner)
GeoIP Information
Check Port
Open Relay Test
Test if your mail server is an open relay for spammers.
Blacklist Checker
Check if your IP is listed in DNS based email blacklists (DNSBL)