Has anyone got Bastille-linux running on Centos-5.6?
http://bastille-linux.sourceforge.net claims RHEL5 support but I ran into problems running it on a Centos 5.6 test system.
First I had to "ln -s /usr/lib64/Bastille /usr/lib" just to get it to run at all. Then I tried faking /etc/redhat-release with
Red Hat Enterprise Linux Server release 5.6
... but I get this (why would it want "HPSpecific.pm" !!!???:
[root@slice244:sting ~]# bastille --assessnobrowser ERROR: Couldn't determine Red Hat version! Setting to 9! ERROR: Couldn't determine Red Hat version! Setting to 9! NOTE: Using audit user interface module. Can't locate Bastille/API/HPSpecific.pm in @INC (@INC contains: /usr/lib /usr/lib/perl5/site_perl//5.8.8 /usr/lib/perl5/site_perl/ /usr/lib/Bastille /opt/sec_mgmt/bastille/lib /opt/sec_mgmt/bastille/lib/API /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8) at /usr/lib/Bastille/IOLoader.pm line 8. BEGIN failed--compilation aborted at /usr/lib/Bastille/IOLoader.pm line 8. Compilation failed in require at /usr/sbin/InteractiveBastille line 414.
Trying to force with "--os RHEL5" just gives the usage message!!!
<winge> doncha just hate that? wouldn't hurt the developer to tell you what's actually wrong rather than just the blummin usage message!!! </winge>
Usage: bastille [ -b | -c | -x ] [ --os <version>] [ -f <alternate config> ] bastille [-r | -l | -h | --assess | --assessnobrowser ] -b : use a saved config file to apply changes directly to system -c : use the Curses (non-X11) GUI, not available on HP-UX -h : this help -f : populate answers with alternate configuration file -r : revert Bastille changes to original file versions (pre-Bastille) -l : list the standard config file(s) (if any) that matches the last run config --os version : ask all questions for the given operating system version. e.g. --os HP-UX11.11 -x : use the Perl/Tk (X11) GUI --assess / -a : run Bastille in assessment mode, generating a report and displaying it in a browser --assessnobrowser : run Bastille in assessment mode, generating a report with no browser
TIA
On Fri, Jun 3, 2011 at 1:57 AM, Bob Hepple bhepple@promptu.com wrote:
http://bastille-linux.sourceforge.net claims RHEL5 support but I ran into problems running it on a Centos 5.6 test system.
It also claims that "Bastille UNIX release coming January 14th, 2008." ;-)
Looks like abandon-ware, unfortunately. It was a good idea, really.
BR Bent
On Fri, 3 Jun 2011 07:11:18 +0200 Bent Terp bent@terp.se wrote:
On Fri, Jun 3, 2011 at 1:57 AM, Bob Hepple bhepple@promptu.com wrote:
http://bastille-linux.sourceforge.net claims RHEL5 support but I ran into problems running it on a Centos 5.6 test system.
It also claims that "Bastille UNIX release coming January 14th, 2008." ;-)
Looks like abandon-ware, unfortunately. It was a good idea, really.
Yes it was, and HP put quite a lot of resource to make it sing on HP-UX by the look of it. Pity.
On Thu, Jun 2, 2011 at 7:57 PM, Bob Hepple bhepple@promptu.com wrote:
Has anyone got Bastille-linux running on Centos-5.6?
Nope, but I have a hardening document that I wrote up for an earlier version of Red Hat that might be applicable -- I incorporated the Bastille recommendations into my documentation rather than just running the package because I wanted to know what each thing was doing.
Let me know if you'd like me to see if I can dig that up.
Regards,
M
On Fri, 3 Jun 2011 01:15:14 -0400 Meenoo Shivdasani meenoo@gmail.com wrote:
On Thu, Jun 2, 2011 at 7:57 PM, Bob Hepple bhepple@promptu.com wrote:
Has anyone got Bastille-linux running on Centos-5.6?
Nope, but I have a hardening document that I wrote up for an earlier version of Red Hat that might be applicable -- I incorporated the Bastille recommendations into my documentation rather than just running the package because I wanted to know what each thing was doing.
Let me know if you'd like me to see if I can dig that up.
Regards,
M
Thanks for that - it might be of general interest so why not!! If it's not too hard to find. Here's another one I found:
http://www.puschitz.com/SecuringLinux.shtml
Cheers
Bob
Bob Hepple wrote:
Meenoo Shivdasani meenoo@gmail.com wrote:
Bob Hepple bhepple@promptu.com wrote:
Has anyone got Bastille-linux running on Centos-5.6?
Bastille-Linux aside, for completeness, see also:
R. P. Herrold's excellent articles on hardening CentOS: http://orcorc.blogspot.com/2010/12/hitting-ground-running.html http://www.pmman.com/usage/hardening/
and the U.S. NSA guides: http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf
On Sat, 4 Jun 2011 07:21:12 -0700 Charles Polisher cpolish@surewest.net wrote:
Bob Hepple wrote:
Meenoo Shivdasani meenoo@gmail.com wrote:
Bob Hepple bhepple@promptu.com wrote:
Has anyone got Bastille-linux running on Centos-5.6?
Bastille-Linux aside, for completeness, see also:
R. P. Herrold's excellent articles on hardening CentOS: http://orcorc.blogspot.com/2010/12/hitting-ground-running.html http://www.pmman.com/usage/hardening/
and the U.S. NSA guides: http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf
... thanks for all the above - plenty for me to work through ...
Cheers
Bob
-
Bent Terp -
Bob Hepple -
Charles Polisher -
Meenoo Shivdasani