[CentOS] Your experience with os hardening tool - Bastille?

Sat Oct 18 18:21:40 UTC 2014
James Hogarth <james.hogarth at gmail.com>

On 18 October 2014 17:45, Rafał Radecki <radecki.rafal at gmail.com> wrote:

> Hi All:)
>
> I would like to start using a tool for automating of os hardening. I found
> some informations about Bastille. One things which attracted my attention
> is that in http://bastille-linux.sourceforge.net/news_updates.htm the last
> post is from January 29th, 2012 :D
>

Why would you be excited by a message saying "we're starting back up" from
3 years ago with no further information ...

To my knowledge this is completely dead and out of scope for C6/C7 security.


>
> Is the tool ready to use at the moment with CentOS 6/7? Are there any
> alternatives which you can recommend?
>
>
It's a dead project - forget it.

If you want to think about security you should be looking at the RHEL
security guides to start with:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Security_Guide/index.html

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Security_Guide/index.html

After reading through the upstream documentation you may want to read some
external sources such as the CIS guidelines:

http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.120

http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel7.100

Always keep in mind though security is a process - there's not a magic
script that makes a system secure but rather a properly layered system of
protection and review.

Don't go into securing an OS thinking there you can run one
application/script and check the box marked secure as a result. Apply
critical thinking to each setting, set up your firewall properly, don't
disable selinux and monitor properly (along with backups) as your keystones
to work from.