system hardening : bastille : ubuntu default security

Luis Murillo lmurillo at gmx.net
Mon Sep 19 13:52:31 UTC 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've installed and configured Bastille a couple of times on Debian and
Ubuntu :)
Although I can't exactly remember what I choose every time, I read and
anylize what the description says, now I don't read the whole
description all the time, so at least take a quick look over the
description.
I don't say yes to everything, since I want my system to be usable as a
workstation, since there are options that would be for a server or
firewall, like for example there is an option that disables the printer
system lpr, and another option that limits the amount of resources that
can be used in the system to prevent buffer overflows. I have enabled
options like the one that disables FTP servers, and any user from
running tools like ping and ifconfig, so only a user with root
permissions can use them.
Now why didn't I use the bastille firewall? well I had firestarter
installed and it's taking care of the firewall, but I'm planning on
changing it from firestarter to Arno's Firewall Script. I have used
bastille firewall before and has worked great, I use it specially when I
need to get the firewall up and doing NAT in a couple of minutes,
although firestarter can do the same.
Remember that there is no one "size fits all" in security, and what
works for me not necesarilly may work for you. For example if you were
so set up a server then you would disable the gcc (GNU C Compiler),
although I wouldn't install it on that system anyways. There is no 100%
security solution and a secure computer is only that is in a concrete
box in the bottom of the ocean, but bastille helps to configure the
system in a secure manner by using scripts of commands which can be
executed by a user with enough permissions.

I hope this helps :)
If you have anymore questions you can e-mail me

R.L. Reingard wrote:
> 
> Hello Luis
> do you remember what you have done in detail? you said 'yes' to 
> everything? or?
> why you do not use the firewall configuration from bastille?
> the only thing i do not want to do is messing up the default security 
> configuration of Ubuntu Hoary. but what is anyway to say about that 
> configuration? i guess it's save, but the question here would be, does 
> Bastille truly makes it saver?
> thank you for answering.
> René
> 
> +++
> 
>> Am 19.09.2005, 02:14 Uhr, schrieb Luis Murillo <lmurillo at gmx.net>:
> 
> 
>> I have used bastille in my Ubuntu system. It works great and hasn't
>> given me any problems. I would suggest that you read everything in
>> bastille carefully so you don't end up doing something you didn't want
>> to, like disabling the printer system :)
>> I currently don't use the firewall configuration it has, but I know that
>> it does work since I have used it before.
> 
> 
>>> R.L. Reingard wrote:
>>> does anybody ever hardened Ubuntu with 'Bastille'?
>>> i would like to hear of some experiences and suggestions.
> 
> 

- --
Luis Murillo
lmurillo at gmx.net
Cel: (506) 351-8251
Heredia, Costa Rica

GPG KeyID: D66B35FD
gpg --keyserver pgp.mit.edu --recv-keys D66B35FD
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFDLsKfv7xQYtZrNf0RAsVSAJ95c+FlKJ56EBgsXoFy6aKk96WmzQCgif4M
zSwIqajszUsF7dDH+28LJgc=
=MbVu
-----END PGP SIGNATURE-----

More information about the ubuntu-users mailing list