Hi All:)
I would like to start using a tool for automating OS hardening. I found some information about Bastille. One thing which attracted my attention is that in http://bastille-linux.sourceforge.net/news_updates.htm the last post is from January 29th, 2012 :D
Is the tool ready to use at the moment with CentOS 6/7? Are there any alternatives which you can recommend?
Thanks for all info :)
BR, Rafal.
On 18 October 2014 17:45, Rafał Radecki radecki.rafal@gmail.com wrote:
> Hi All:)
> I would like to start using a tool for automating OS hardening. I found some information about Bastille. One thing which attracted my attention is that in http://bastille-linux.sourceforge.net/news_updates.htm the last post is from January 29th, 2012 :D
Why would you be excited by a message saying "we're starting back up" from 3 years ago with no further information ...
To my knowledge this is completely dead and out of scope for C6/C7 security.
> Is the tool ready to use at the moment with CentOS 6/7? Are there any alternatives which you can recommend?
It's a dead project - forget it.
If you want to think about security you should be looking at the RHEL security guides to start with:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/htm...
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...
After reading through the upstream documentation you may want to read some external sources such as the CIS guidelines:
http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.120
http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel7.100
Always keep in mind though security is a process - there's not a magic script that makes a system secure but rather a properly layered system of protection and review.
Don't go into securing an OS thinking that you can run one application/script and check the box marked secure as a result. Apply critical thinking to each setting, set up your firewall properly, don't disable SELinux and monitor properly (along with backups) as your keystones to work from.
I thought that Bastille was dead and wanted to confirm that. Still, are there any alternatives worth mentioning? I am not looking for a 'magic script' but for a tool which could at least partially ease the securing process. Of course, as always, Puppet or a similar tool can be used and I think that I will go in that direction.
Monitoring/SELinux/firewalling are standard things and I am using them.
I have already gathered some resources. I am mostly using info from http://wiki.centos.org/HowTos/OS_Protection and https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf, and am currently checking Nessus ;) It looks very promising...
BR,
Rafal
_______________________________________________
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Was thinking of checking out
but have not had the time. Might be worth a look.
K