[plug] Bastille

Alan Graham alan.graham at infonetsystems.com.au
Mon Sep 3 11:04:33 WST 2001


I've been using it for months now.  However, I'm *not* a security expert by
any stretch of the imagination, so Bastille is heaps better than my roll
your own firewall sripts.   It worked fine (as far as I could tell) on a
2.2.26 kernel, and handled the swith to 2.4.4 without missing a beat.  All
of the changes that I've made have been actioned, but they've been along
the lines of opening or closing particular port ranges, so easy to check. 
I haven't examined the results in as much detail as looking at SUID status.

Alan

On 2001.09.03 19:40 Rob Dunne wrote:
> Hi list,
>         has anyone used Bastille?
> 
> I have had a go, just making a simple change, disabling SUID status for
> mount/umount, so that I can see what is happening. 
> 
> Bastille makes a
> configuration script containing this
> # Q: Would you like to disable SUID status for mount/umount?  
> FilePermissions.suidmount="Y"
> 
> 
> But when I tell it to make the changes it doesnt change anything.
> Also
> http://www.securityfocus.com/frames/?focus=linux&content=/focus/linux/articles/linux-bastille.html
> says that Bastille has a logging mode -- I cant see any sign of this
> 
> 
> 							bye
> 							rob
> 
> -- 
>  Rob Dunne         Fax: +61 8 9333 6121     Tel: +61 8 9333 6178
>  CSIRO Mathematical and Information Sciences
>  Leeuwin Centre for Earth Sensing Technologies 
>  Private Bag 5, P.O., Wembley, Western Australia, 6013         
>  http://matilda.vu.edu.au/~dunne  Email: Robert.Dunne at cmis.csiro.au
> 
>         Java has certainly revolutionized marketing and litigation.
> 
> 
> 




More information about the plug mailing list