[Dshield] Another Firewall

Johannes B. Ullrich jullrich at euclidian.com
Mon Aug 27 14:26:00 GMT 2001




> Is anyone else running Bastille?  If so, what do you think of it?

Bastille is more than a firewall. It is a set of scripts to harden Linux.
Besides setting up basic ipchains rules, it also checks a number of
different problems with standard Linux distros. For example, it disables
suid programs, disallows remote root logins, sets up a 'safe' tmp dir
scheme and more.

What I like most about it is its interactive installer. Not only can you
select how much of it you would like to install, but the explanation is
quite verbose so you can use it as a simple teaching tool as well.

The parts I don't like about it:
- the default firewall settings are very 'quiet'. Only a limited number of
  ports are logged.
- I never figured out the 'tmp dir protection' right. Usually I end up
  with /tmp being littered with empty directories.

Bastille is designed for RedHat. But I think at least parts of it work
fine with other distros.

For details: http://www.sans.org/newlook/projects/bastille_linux.htm

Like DShield, Bastille is supported by the SANS Institute. Jay Beale, the
author of Bastille, is a frequent speaker at SANS events (e.g. the IO
Wargames coming up in September: http://www.incidents.org/IOwargames )
and the Security Team Director at MandrakeSoft.


-------
jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System




