Tip of the Trade: Bastille Linux

Postby rippinchikkin » Wed Sep 13, 2006 12:00 pm

Tip of the Trade: Bastille Linux
By Carla Schroder
September 12, 2006

Every wise old system and network administrator knows that security is a multilayer process. You have your firewalls and other border security, perhaps some internal network segmentation, and application and operating system security.

However, locking down the operating system is probably the most crucial link in this chain. An excellent utility to help you probe, assess, and harden your Linux system is Bastille Linux. Bastille operates in two modes: hardening and assessment. It asks you a series of questions and builds a security policy based on the answers. In hardening mode, it applies the policy.

In assessment mode it generates an educational report. One of the most valuable features of Bastille is how well it teaches security policy. Even for seasoned admins, Linux contains a number of potential security holes in odd little nooks and crannies, like Set User ID (SUID) programs. SUID allows ordinary users to run executables with root permissions, like the mount and umount programs, which enable the use of removable media.

Bastille runs through all of these (you might be surprised at how many there are) and helps you strip the SUID bit from the ones that don't really need it. Another often-overlooked area is the dangerous old r-programs: rsh, rlogin and rcp. These still linger on a lot of modern distributions.

Source: ServerWatch
Complete article: http://www.serverwatch.com/tutorials/article.php/3631431
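The SUID and r-program review described in the article can also be done by hand. The following is an added example, not Bastille's own code and not part of the original article: it lists SUID files under a directory, reports the ones missing from an allowlist, finds leftover rsh, rlogin and rcp binaries, and strips the SUID bit on request. The function names and the allowlist file (one program name per line) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: manual SUID / r-program audit (hypothetical helper names).
# Typical use as root:
#   unexpected_suid /usr/bin /etc/suid-allow.txt
#   find_r_programs /usr/bin

# list_suid DIR: print every regular file under DIR that has the SUID bit set.
# -xdev keeps the search on one filesystem; -perm -4000 matches the SUID bit.
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# unexpected_suid DIR ALLOWLIST: print SUID files whose base name does not
# appear as a whole line in ALLOWLIST (for example: mount, umount).
unexpected_suid() {
    list_suid "$1" | while IFS= read -r path; do
        name=${path##*/}
        grep -qxF -- "$name" "$2" || printf '%s\n' "$path"
    done
}

# find_r_programs DIR: print any rsh, rlogin or rcp file or symlink under DIR.
find_r_programs() {
    find "$1" -xdev \( -type f -o -type l \) \
        \( -name rsh -o -name rlogin -o -name rcp \) 2>/dev/null | sort
}

# strip_suid FILE...: remove the SUID bit and leave all other mode bits alone.
strip_suid() {
    chmod u-s -- "$@"
}
```

Review the output of unexpected_suid before calling strip_suid, since some programs (mount and umount for removable media, as the article notes) need the bit to work for ordinary users.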
