The Bastille hardening program “locks down” an operating system, pro-actively configuring the system for increased security and decreasing its susceptibility to compromise and downtime. Bastille can also assess a system’s current state of hardening, granularly reporting on each of the security settings with which it works. It currently supports the Red Hat (Fedora, Enterprise, and Numbered/Classic), SUSE, Ubuntu, Debian, Gentoo, Mandrake, Mac OS X and HP-UX.
Bastille’s focuses on letting the system’s user/administrator choose exactly how to harden the operating system. In its default hardening mode, it interactively asks the user questions, explains the topics of those questions, and builds a policy based on the user’s answers. It then applies the policy to the system. In its assessment mode, it builds a report intended to teach the user about available security settings as well as inform the user as to which settings have been tightened.
Install Bastille on Ubuntu/Debian
Install Bastille using the following command on Ubuntu/Debian and its derivatives:
sk@sk:~$ sudo apt-get install bastille perl-tk
Execute the following command to start using Bastille:
sk@sk:~$ sudo bastille
First it will display License Agreement. Type accept to agree:
[...] You must accept the terms of this disclaimer to use Bastille. Type "accept" (without quotes) within 5 minutes to accept the terms of the above disclaimer > accept
Then you may see a screen like below. Click Ok to proceed further.
The installer will ask you the series of questions, mostly the questions are yes or no type. Each question is self-explanatory. Go through the each question carefully and setup your server security accordingly. If don’t know what to set, just click on Restore Default. Bastille will select the default settings for you automatically.
After you answered all questions, it will ask you to save the changes. If you are happy with the settings, just click on Save configuration, or click on Go back and change the configuration to perform all the steps from beginning.
Revert Bastille Settings
If you wish to revert all the changes done by Bastille, run the following command. It will let your system to its default state:
sk@sk:~$ sudo RevertBastille
I must say that this tool is more easy than manually changing settings and will be definitely useful for new system administrators who don’t have much experience in server security hardening methods.