http://bastille-linux.org/news.html




Well I've installed it and run through the security prompts (and rebooted) on my CPanel/RHE3 server with no apparent problems. I didn't let it do anything that I thought might interfere with cpanel though... (like apache settings, etc) but the basic OS security stuff I let it tweak.

I've been waiting for Bastille to come out for RHEL 3 for a while now... it seems pretty neat... maybe a little less than what I was expecting... but it got into some security things that I didn't know about. So it's a good tool to tighten things up... an extra layer of defense.

nice, I'm goimg to take a look later on

I might give this a go later too, anyone else tried it?

It would be nice if someone could post a step-by-step for Bastille (and specifically RHE if necessary), just as we have step-by-step for APF, etc.

The main thing that made me hesitate is that I think it defaults to an x-windows interface, and I want to know how to do everything from the command line (via SSH) and get things set up properly. Also, if I am already running the APF firewall, does Bastille's firewall modify that? Replace it? Add another layer of firewalling?

In other words, perhaps this is something that should be set up before everything else? I just don't know. We need an expert! Is there one in the house?

It gives you the command to use for a command shell in the instructions...

I think it's


I run APF as well, and I just skipped bastille's firewall setup, since I didn't think I needed it. I believe it uses iptables, the standard linux firewall - so rules are going to get overwritten at some point.

Anyone have any luck installing Bastille on Redhet Enterprise 3?
I'm rather confused with http://www.bastille-linux.org/news.html.

This seems to say that the downloadable RPM now works with Redhat Enterprise, but that Curses (and a non-RPM version of it) is also required for command-line operation. (I would be running Bastille via ssh).

I thought I would try installing the Bastille RPM w/o Curses, as there are a lot of files installed on my server that seem to be related to curses, so I thought it might be installed already. When I install Bastille via rpm, I get no errors, but it doesn't work. There is a functional man page, but no record on my system of any executable called "bastille" or "Bastille".

I downloaded the Curses file at http://www.cpan.org/modules/by-category/08...ses-1.06.tar.gz but I was totally confused by it. The INSTALL help file tells me to examine "hints" files, and asks if I need "PANELS" support and stuff I don't know anything about.

Anyone have any ideas? We really need a "Installing Bastille on RHEL for dummies" guide.

Hmm, I had no trouble at all installing it and running it.

Here's what I did... updated and made sure I had perl Curses installed via Cpanel's perl module installer. It was already installed for me though. Then installed the bastille rpm...

then typed
bastille -c
to start the command-line version.

I have bastille in /usr/sbin/bastille

Ok, I figured out *part* of why I was having trouble.

1. I didn't have /usr/sbin in my path for some reason. (Isn't this default? Any idea why this wouldn't be in my path to begind with?) So, I couldn't run it except from its directory.

2. I was using "locate" to try to find its install dir, but my locate db was out of date, so it looked like the file didn't exist.

3. I really wish programmers would just tell you where something gets installed. I had to re-RPM install it with debug information on just so I can see where its writing to. Although this wouldn't have been a problem with a consistant PATH.

However, I'm not convinced Bastille is working. I tried it on Fedora via X-Windows, and after adjusting settings, it asks to save settings and THEN apply them. On RHEL via ssh, it asked if I wanted to save, and then it basically exited in an ugly way, spewing characters across the screen. I noticed that httpd.conf was not edited, for example, which I would have expected. Other things that I thought would be modified didn't seem to have changed, so I question if it did anything at all. Thoughts?

Friends:
I am trying to run Bastille in my server
as per
http://www.bastille-linux.org/running_bastille_on.htm
but for this also need this

perl Modules, by distribution
as per note:

if you want to use Hardening mode, you'll need to

install perl-Tk
(for our Graphical Interface) or perl-Curses (for console/text mode).
(Installing perl-Tk/perl-Curses isn't necessary in Assessment mode, as it
generates a report in both HTML and Text.)

You can usually do this most easily by getting the RPM shown in this table, installing
from
Red Hat 6.2
to
Red Hat 9 as per :
http://www.bastille-linux.org/perl_rpm_chart.htm
But I am not sure which one is correct one,
for this to work,
my server 's on:
Red Hat Enterprise Linux ES release 3 (Taroon Update 5)

please check this out and let me know which perl-curses
would be appropiate.
thanks and regards
from zuniga