How to Harden Your Linux Servers Security with Bastille
The Bastille hardening program “locks down” an operating system, pro-actively configuring the system for increased security and decreasing its susceptibility to compromise and downtime. Bastille can also assess a system’s current state of hardening, granularly reporting on each of the security settings with which it works. It currently supports the Red Hat (Fedora, Enterprise, and Numbered/Classic), SUSE, Ubuntu, Debian, Gentoo, Mandrake, Mac OS X and HP-UX.
Bastille’s focuses on letting the system’s user/administrator choose exactly how to harden the operating system. In its default hardening mode, it interactively asks the user questions, explains the topics of those questions, and builds a policy based on the user’s answers. It then applies the policy to the system. In its assessment mode, it builds a report intended to teach the user about available security settings as well as inform the user as to which settings have been tightened.
Install Bastille on Ubuntu/Debian
Install Bastille using the following command on Ubuntu/Debian and its derivatives:
sk@sk:~$ sudo apt-get install bastille perl-tk
Execute the following command to start using Bastille:
sk@sk:~$ sudo bastille
First it will display License Agreement. Type accept to agree:
[...] You must accept the terms of this disclaimer to use Bastille. Type "accept" (without quotes) within 5 minutes to accept the terms of the above disclaimer > accept
Then you may see a screen like below. Click Ok to proceed further.
The installer will ask you the series of questions, mostly the questions are yes or no type. Each question is self-explanatory. Go through the each question carefully and setup your server security accordingly. If don’t know what to set, just click on Restore Default. Bastille will select the default settings for you automatically.
After you answered all questions, it will ask you to save the changes. If you are happy with the settings, just click on Save configuration, or click on Go back and change the configuration to perform all the steps from beginning.
Revert Bastille Settings
If you wish to revert all the changes done by Bastille, run the following command. It will let your system to its default state:
sk@sk:~$ sudo RevertBastille
I must say that this tool is more easy than manually changing settings and will be definitely useful for new system administrators who don’t have much experience in server security hardening methods.
Like us on Facebook
This week Top Posts
- Top Things To Do After Installing Ubuntu 13.10 'Saucy Salamander' : Ubuntu 13.10 Saucy Salamander will be released on coming October 17th with many new salient featur...0 comments |
- Configure Your Browser To Use Tor On Ubuntu/Debian/Linux Mint : Tor, The Onion Router, is a network of Virtual Tunnels that allows users to communicate securely and...2 comments |
- Setup A Full Featured ITIL Management System Using Integria IMS On CentOS 6 : Integria IMS is a fully featured ITIL management system, featuring a ticketing system, inventory/C...2 comments |
- How To Upgrade From Ubuntu 13.04 Raring To Ubuntu 13.10 Saucy Salamander : Ubuntu 13.10 Saucy will be released on October 17th. Hope it will come with lot of improvements and ...0 comments |
- Install lamp with 1 command in Ubuntu 12.10, 13.04 Raring Ringtail & LinuxMint13 : Updated: 10/09/2012 :LAMP (Linux, Apache, MySQL and PHP) is an open source Web development platform ...0 comments |
- Install and Configure Samba share in Ubuntu 13.10 'Saucy Salamander' , 13.04| Howto : Updated 05-04-2013: One of the most asked features for Samba is a graphical user interface to help w...0 comments |
- Configure Your Browser To Use Tor On Ubuntu/Debian/Linux Mint
- Setup A Full Featured ITIL Management System Using Integria IMS On CentOS 6
- Install LibreOffice 4.1.3 in Elementary OS ‘Luna’
- How To Install Simple Scan in Crunchbang ‘Waldorf’
- Selene Media Encoder: Convert Audio, Video Files To Most Popular Formats
- Linux Kernel 3.12.2 Is Available For Download! Install / Upgrade Instructions
- CentOS 6.5 Has Been Officially Released!
- Format Junkie: Convert Media Files To All Popular Formats
- Setup Squid Proxy Server On openSUSE 13.1
- TimeShift: Restore Your Linux Desktop To Previous State
This work by unixmen.com is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Copyright © 2008-2013 Unixmen.com .