Aside from this, Bastille also sets up a default ipchains firewall for your system to prevent users from setting up services on their own on your machine, I think.

Regards,
Robert Varga

On Thu, 2 Nov 2000, Ethan Benson wrote:

> On Thu, Nov 02, 2000 at 09:26:27AM +0100, [EMAIL PROTECTED] wrote:
> > I'd like to know if Bastille-Linux (which was intended for Red Hat
> > 6.x-Systems) works fine on Debian, too, if anyone has experiences with it
> > already and / or if there's an equivalent for Debian as well.
> > What do you think/know?
> > greetings,
> > Michael
>
> it would likely screw up your debian system.  i believe the consensus
> is that you really don't need bastille on debian.  one of the main
> things (last time i checked) that bastille does is remove stupid suid
> bits (*cough* /sbin/dump) and do some silly permissions changes, like
> changing /usr/sbin/adduser from 0755 to 0700, which is pointless since
> anyone can download adduser from debian mirrors, and it only spews
> errors when run as a normal user anyway.  Debian is already VERY
> conservative about suid bits, there are not really many you would
> bother removing except on extremely hardened systems (say a firewall)
>
> other than that remove nfs-kernel-server, nfs-common, telnetd packages
> and comment out anything you are not using in /etc/inetd.conf and run
> /etc/init.d/inetd reload.
>
> also disable portmapper, which is the only real daemon that is a pain
> to get rid of on debian (no longer so on woody, yay!)  simplest option
> is rm /etc/rcS.d/S41portmap.  which works pretty well (you do have to
> rekill portmap on netbase upgrades but that does not happen too often)
>
> also add:
>
> ## security updates
> deb http://security.debian.org/debian-security/ potato/updates main contrib
> deb http://security.debian.org/debian-non-US/ potato/non-US main contrib
> deb-src http://security.debian.org/debian-security/ potato/updates main contrib
> deb-src http://security.debian.org/debian-non-US/ potato/non-US main contrib
>
> to your /etc/apt/sources.list and run apt-get update && apt-get dist-upgrade
> to get all the current security updates.  add non-free to those lists
> if you have non-free in your other apt lines.
>
> --
> Ethan Benson
> http://www.alaska.net/~erbenson/
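
The steps listed in the quoted message (inetd.conf entries, the S41portmap boot link, the security.debian.org apt line) can be checked with a read-only audit. This is an added example, not part of the original thread; the function names, the root-prefix argument and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Read-only audit of the hardening steps from the quoted message.
# The root prefix argument is a hypothetical parameter so the checks can be
# pointed at a test tree instead of the live filesystem.

# Print the service name of every uncommented inetd.conf entry.
enabled_inetd_services() {
    conf="$1/etc/inetd.conf"
    [ -r "$conf" ] || return 0
    # A real entry has at least 6 fields; lines whose first field starts with # are comments.
    awk '$1 !~ /^#/ && NF >= 6 { print $1 }' "$conf"
}

# Succeed if the portmap boot link named in the message still exists.
portmap_link_present() {
    [ -e "$1/etc/rcS.d/S41portmap" ] || [ -L "$1/etc/rcS.d/S41portmap" ]
}

# Succeed if sources.list has an active "deb" line for security.debian.org.
has_security_source() {
    grep -Eq '^[[:space:]]*deb[[:space:]]+http://security\.debian\.org/' \
        "$1/etc/apt/sources.list" 2>/dev/null
}

# Print one line per finding; no output means all three checks passed.
audit() {
    root="$1"
    for svc in $(enabled_inetd_services "$root"); do
        echo "inetd: still enabled: $svc"
    done
    if portmap_link_present "$root"; then echo "portmap: rcS.d/S41portmap still present"; fi
    if ! has_security_source "$root"; then echo "apt: no security.debian.org deb line"; fi
    return 0
}

# Constructed sample tree (not from a real host): ftp commented out, telnet
# enabled, portmap link present, no security source configured.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/rcS.d" "$t/etc/apt"
    printf '%s\n' \
        '#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd' \
        'telnet stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd' \
        > "$t/etc/inetd.conf"
    : > "$t/etc/rcS.d/S41portmap"
    echo 'deb http://mirror.example/debian potato main contrib' > "$t/etc/apt/sources.list"
    echo "$t"
}

sample=$(make_sample_tree) && audit "$sample" && rm -rf "$sample"
```

Calling `audit ""` runs the same checks against the live filesystem.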