
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
112
|
Chapter 3: Hardening Linux and Using iptables
Second, even if you do run a supported distribution, it’s extremely important that
you use Bastille as a tool rather than a crutch. There’s no good shortcut for learning
enough about how your system works to secure it.
The Bastille guys (Jay Beale and Jon Lasser) are at least as convinced of this as I am:
Bastille has a remarkable focus on educating its users.
Background
Bastille Linux is a powerful set of Perl scripts that both secure Linux systems and
educate their administrators. It asks clear, specific questions about your system that
allow it to create a custom security configuration. It also explains each question in
detail so that by the time you’ve finished a Bastille session, you’ve learned quite a bit
about Linux/Unix security. If you already understand system security and are inter-
ested only in using Bastille to save time, you can run Bastille in an “explain less”
mode that asks all the same questions but skips the explanations.
How Bastille came to be
The original goal of the Bastille team (led by Jon Lasser and Jay Beale) was to create a
new secure Linux distribution based on Red Hat. The quickest way to get their
project off the ground was to start with a normal Red Hat installation and then to
“Bastille-ify” it with Perl ...