
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Chapter 3: Hardening Linux and Using iptables
Bastille writes its logs into /root/Bastille/log/ (Bastille’s home directory varies by
distribution). Two logs are created: action-log and error-log. action-log provides a
comprehensive and detailed accounting of all Bastille’s activities. Errors and other
unexpected events are logged to error-log.
Hooray! I’m Completely Secure Now! Or Am I?
Okay, we’ve carefully read and answered the questions in InteractiveBastille, we’ve
rebooted, and we’ve reviewed Bastille’s work by going over its logs. Are we there yet?
Well, our system is clearly much more secure than it was before we started. But as
Bruce Schneier is fond of saying, security is a process, not a product. While much of
the work necessary to bastionize a system only needs to be performed once, many
important security tasks, such as applying security patches and monitoring logs,
must be performed on an ongoing basis.
Also, remember our quest for “Defense in Depth”: having done as much as possible
to harden our base operating system, we still need to leverage any and all security
features supported by our important applications and services. That’s what the rest
of this book is about.