Bastille Adds Reporting, Grabs Fed Attention 151
johnny.ihackstuff.com writes "NewsForge interviews the Bastille project lead Jay Beale about Bastille's cool new assessment feature, which reports and scores Linux security and -- as always -- makes Linux lockdown super-easy. Available for many distros and Mac OS X, too. Best of all, it's free and open source!" As Jay points out in the interview, the work was "sponsored by the U.S. government's Technical Support Working Group." An anonymous reader summarizes the new capability: "In essence, Bastille now does two things. In one mode, it locks down an operating system, tweaking the configuration for increased security, asking you about each step and teaching you along the way. In the new Assessment mode, it reports on what hardening steps have been taken and what could be taken."
Why do we need to harden distros ? (Score:5, Insightful)
A windows version (Score:3, Insightful)
There's not a lot of decent tools for non-security-expert admins and windows could do with something like this (not meant as an anti-windows troll).
Unfortunately too many corporate windows admins have so many pressures on their time that security of every server isn't always given the time it needs it sounds like this could provide a framework for that security.
Scoring systems (Score:5, Insightful)
This is an excelent example of making an application have a "value" as incentive to do the right thing. People are by nature competative and will strive to improve a "score" even if it doesn't necessarily help them in any way. I give cudose to whoever decided to add this feature.
Re:Why do we need to harden distros ? (Score:5, Insightful)
Most distributions try to steer a happy medium. Some sacrifice security for simplicity. [slashdot.org] Others (like Bastille) take the opposite tack.
Re:Why do we need to harden distros ? (Score:2, Insightful)
Re:Why do we need to harden distros ? (Score:5, Insightful)
Only half the battle... (Score:2, Insightful)
Re:Why do we need to harden distros ? (Score:5, Insightful)
What about those of use whom don't use a distro? I often build systems from scratch and this gives me a convient useful tool to lock it down. Also why not go the other direction... Why don't distros use generic tools like this to keep their system secure out of the box. I would like to point out one thing though. People use linux for just about everything today. The wizard gives you the functionality to do non standard things to your system where as if the distro was secure out of the box when you add a new serice would you be able to say it was still secure or what happens if you make a mistake setting up a config file. Generic tools very good at what they do is much better than a large tools or relying on assumptions about the overall state of a system.
Re:Why do we need to harden distros ? (Score:4, Insightful)
Also auditing many applications takes time. You can expect a distro run by a few people to audit thousands of lines of code in each package.
Re:Call me a bluff traditionalist... (Score:5, Insightful)
Re:A windows version (Score:3, Insightful)
Bastille does useful things such as stop unneeded services. The *nux distros I've used have been far better out of the box than win32 machines I've seen. File permissions on win32 are also a nightmare. Bastille also locks down common userland apps. Misconfigured apache on win32 can do as much damage as apache on linux.
Re:Only half the battle... (Score:4, Insightful)
Usually when people update their windows servers it's because some virus or worm is rampaging about the net making everyone's life miserable. Whereas when I update my Linux server, it's because a couple propeller heads in a lab somewhere figured out some obscure weakness and the fix.
Re:A windows version (Score:3, Insightful)
Also, I'm sure he was joking but the Microsoft Baseline Security Analyzer does a fair job at locking down Windows. I haven't used Bastille so I can't compare (from what I've heard I'd bet Bastille is more thorough though).
Comment removed (Score:3, Insightful)
Re:Call me a bluff traditionalist... (Score:2, Insightful)
Instead of doing stupid skits commenting about what people are doing, all skits should end with insults being tossed around.
I mean, insulting someone in a foreign language. There's something that's actually useful!