[CentOS] Your experience with os hardening tool - Bastille?

James Hogarth james.hogarth at gmail.com
Sat Oct 18 18:21:40 UTC 2014


On 18 October 2014 17:45, Rafał Radecki <radecki.rafal at gmail.com> wrote:

> Hi All:)
>
> I would like to start using a tool for automating of os hardening. I found
> some informations about Bastille. One things which attracted my attention
> is that in http://bastille-linux.sourceforge.net/news_updates.htm the last
> post is from January 29th, 2012 :D
>

Why would you be excited by a message saying "we're starting back up" from
3 years ago with no further information ...

To my knowledge this is completely dead and out of scope for C6/C7 security.


>
> Is the tool ready to use at the moment with CentOS 6/7? Are there any
> alternatives which you can recommend?
>
>
It's a dead project - forget it.

If you want to think about security you should be looking at the RHEL
security guides to start with:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Security_Guide/index.html

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Security_Guide/index.html

After reading through the upstream documentation you may want to read some
external sources such as the CIS guidelines:

http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.120

http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel7.100

Always keep in mind though security is a process - there's not a magic
script that makes a system secure but rather a properly layered system of
protection and review.

Don't go into securing an OS thinking there you can run one
application/script and check the box marked secure as a result. Apply
critical thinking to each setting, set up your firewall properly, don't
disable selinux and monitor properly (along with backups) as your keystones
to work from.



More information about the CentOS mailing list