Package: bastille
Version: 1:3.0.9-8
Severity: grave
Justification: renders package unusable
InteractiveBastille crashes silently after the last screen, where the
contributors are displayed. bastille -b gives the following error message:
NOTE: Bastille is now locking down your system in accordance with your
answers in the "config" file. Please be patient as some modules
may take a number of minutes, depending on the speed of your
machine.
NOTE: Executing Firewall Specific Configuration
Undefined subroutine &Bastille::API::ActionLog called at
/usr/lib/Bastille/Debian_API.pm line 37.
Compilation failed in require at /usr/sbin/BastilleBackEnd line 133.
As far as I can see, ActionLog really isn't defined anywhere.
I upgraded bastille to the squeeze version because of bug #510884. Could this
be a dependency problem?
Here's /etc/Bastille/config:
# Q: Would you like to enforce password aging? [Y]
AccountSecurity.passwdage="N"
# Q: Should Bastille disable clear-text r-protocols that use IP-based
authentication? [Y]
AccountSecurity.protectrhost="Y"
# Q: Should we disallow root login on tty's 1-6? [N]
AccountSecurity.rootttylogins="N"
# Q: Would you like to deactivate the Apache web server? [Y]
Apache.apacheoff="Y"
# Q: Would you like to bind the Web server to listen only to the localhost? [N]
Apache.bindapachelocal="Y"
# Q: Would you like to password-protect the GRUB prompt? [N]
BootSecurity.protectgrub="N"
# Q: Would you like to disable CTRL-ALT-DELETE rebooting? [N]
BootSecurity.secureinittab="N"
# Q: Should we restrict console access to a small group of user accounts? [N]
ConfigureMiscPAM.consolelogin="N"
# Q: Would you like to put limits on system resource usage? [N]
ConfigureMiscPAM.limitsconf="Y"
# Q: Would you like to set more restrictive permissions on the administration
utilities? [N]
FilePermissions.generalperms_1_1="Y"
# Q: Would you like to disable SUID status for mount/umount?
FilePermissions.suidmount="N"
# Q: Would you like to disable SUID status for ping? [Y]
FilePermissions.suidping="N"
# Q: Would you like to disable SUID status for printing utilities? [N]
FilePermissions.suidprint="N"
# Q: Do you need the advanced networking options?
Firewall.ip_advnetwork="Y"
# Q: Should Bastille run the firewall and enable it at boot time? [N]
Firewall.ip_enable_firewall="Y"
# Q: Would you like to run the packet filtering script? [N]
Firewall.ip_intro="Y"
# Q: Interfaces for DHCP queries: [ ]
Firewall.ip_s_dhcpiface=" "
# Q: DNS servers: [0.0.0.0/0]
Firewall.ip_s_dns="0.0.0.0/0"
# Q: ICMP allowed types: [destination-unreachable echo-reply time-exceeded]
Firewall.ip_s_icmpallowed="destination-unreachable echo-reply time-exceeded
echo.request"
# Q: ICMP services to audit: [ ]
Firewall.ip_s_icmpaudit=" "
# Q: ICMP types to disallow outbound: [destination-unreachable time-exceeded]
Firewall.ip_s_icmpout="destination-unreachable time-exceeded"
# Q: Internal interfaces: [ ]
Firewall.ip_s_internaliface="eth0"
# Q: TCP service names or port numbers to allow on private interfaces: [ ]
Firewall.ip_s_internaltcp="ssh"
# Q: UDP service names or port numbers to allow on private interfaces: [ ]
Firewall.ip_s_internaludp="ntp"
# Q: Masqueraded networks: [ ]
Firewall.ip_s_ipmasq="192.168.1.0/24"
# Q: Kernel modules to masquerade: [ftp raudio vdolive]
Firewall.ip_s_kernelmasq="ftp"
# Q: NTP servers to query: [ ]
Firewall.ip_s_ntpsrv=" "
# Q: Force passive mode? [N]
Firewall.ip_s_passiveftp="Y"
# Q: Public interfaces: [eth+ ppp+ slip+]
Firewall.ip_s_publiciface="wlan+ ra+ ppp+ slip+"
# Q: TCP service names or port numbers to allow on public interfaces:[ ]
Firewall.ip_s_publictcp="ssh gnutella-svc"
# Q: UDP service names or port numbers to allow on public interfaces:[ ]
Firewall.ip_s_publicudp=" "
# Q: Reject method: [DENY]
Firewall.ip_s_rejectmethod="DENY"
# Q: Enable source address verification? [Y]
Firewall.ip_s_srcaddr="Y"
# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login
linuxconf ssh]
Firewall.ip_s_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf
ssh"
# Q: TCP services to block: [2049 2065:2090 6000:6020 7100]
Firewall.ip_s_tcpblock="2049 2065:2090 6000:6020 7100"
# Q: Trusted interface names: [lo]
Firewall.ip_s_trustiface="lo"
# Q: UDP services to audit: [31337]
Firewall.ip_s_udpaudit="31337"
# Q: UDP services to block: [2049 6770]
Firewall.ip_s_udpblock="2049 6770"
# Q: Would you like to set up process accounting? [N]
Logging.pacct="N"
# Q: Would you like to disable acpid and/or apmd? [Y]
MiscellaneousDaemons.apmd="N"
# Q: Would you like to disable GPM? [Y]
MiscellaneousDaemons.gpm="N"
# Q: Would you like to deactivate NFS and Samba? [Y]
MiscellaneousDaemons.remotefs="Y"
# Q: Alert on all new packets?
PSAD.psad_alert_all="Y"
# Q: psad check interval: [15]
PSAD.psad_check_interval="15"
# Q: Would you like to setup psad?
PSAD.psad_config="Y"
# Q: Danger Levels: [5 50 1000 5000 10000]
PSAD.psad_danger_levels="5 50 1000 5000 10000"
# Q: Email addresses: [r...@localhost]
PSAD.psad_email_alert_addresses="r...@localhost"
# Q: Email alert danger level: [1]
PSAD.psad_email_alert_danger_level="2"
# Q: Should Bastille enable psad at boot time? [N]
PSAD.psad_enable_at_boot="Y"
# Q: Enable automatic blocking of scanning IPs?
PSAD.psad_enable_auto_ids="N"
# Q: Enable scan persistence?
PSAD.psad_enable_persistence="N"
# Q: Port range scan threshold: [1]
PSAD.psad_port_range_scan_threshold="2"
# Q: Scan timeout: [3600]
PSAD.psad_scan_timeout="3600"
# Q: Show all scan signatures?
PSAD.psad_show_all_signatures="N"
# Q: Would you like to disable printing? [N]
Printing.printing="Y"
# Q: Would you like to disable printing? [N]
Printing.printing_cups="N"
# Q: Would you like to display "Authorized Use" messages at log-in time? [Y]
SecureInetd.banners="N"
# Q: Should Bastille ensure inetd's FTP service does not run on this system?
[y]
SecureInetd.deactivate_ftp="Y"
# Q: Should Bastille ensure the telnet service does not run on this system? [y]
SecureInetd.deactivate_telnet="Y"
# Q: Do you want to stop sendmail from running in daemon mode? [Y]
Sendmail.sendmaildaemon="Y"
# Q: Would you like to install TMPDIR/TMP scripts? [N]
TMPDIR.tmpdir="N"
-- System Information:
Debian Release: 5.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'oldstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: lang=de...@utf-8, lc_ctype=de...@utf-8 (charmap=UTF-8) (ignored: LC_ALL
set to de_DE.UTF-8)
Shell: /bin/sh linked to /bin/bash
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
