[CentOS] Your experience with os hardening tool - Bastille?

Sat Oct 18 19:37:29 UTC 2014
Rafał Radecki <radecki.rafal at gmail.com>

I thought that Bastille is dead and wanted to confirm that. Still, are
there any alternatives worth mentioning? I do not look for a 'magic script'
but for a tool which could ease at least partially the securing process. Of
course as always puppet or similar tool can be used and I think that I will
go in that direction.

Monitoring/selinux/firewalling are standard things and I am using them.

I already gathered some resources, I am mostly using info from
http://wiki.centos.org/HowTos/OS_Protection
https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf
and checking Nessus currently ;) It looks very promising...

BR,

Rafal

On 18 October 2014 17:45, Rafał Radecki <radecki.rafal at gmail.com> wrote:

>
> > Hi All:)
> >
> > I would like to start using a tool for automating of os hardening. I
> found
> > some informations about Bastille. One things which attracted my attention
> > is that in http://bastille-linux.sourceforge.net/news_updates.htm the
> last
> > post is from January 29th, 2012 :D
> >
>
> Why would you be excited by a message saying "we're starting back up" from
> 3 years ago with no further information ...
>
> To my knowledge this is completely dead and out of scope for C6/C7
> security.
>
>
> >
> > Is the tool ready to use at the moment with CentOS 6/7? Are there any
> > alternatives which you can recommend?
> >
> >
> It's a dead project - forget it.
>
> If you want to think about security you should be looking at the RHEL
> security guides to start with:
>
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Security_Guide/index.html
>
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Security_Guide/index.html
>
> After reading through the upstream documentation you may want to read some
> external sources such as the CIS guidelines:
>
> http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.120
>
> http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel7.100
>
> Always keep in mind though security is a process - there's not a magic
> script that makes a system secure but rather a properly layered system of
> protection and review.
>
> Don't go into securing an OS thinking there you can run one
> application/script and check the box marked secure as a result. Apply
> critical thinking to each setting, set up your firewall properly, don't
> disable selinux and monitor properly (along with backups) as your keystones
> to work from.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>