IDS mailing list archives
Re: Information required about Bastille-linux
From: Michael Rash <mbr () cipherdyne org>
Date: Thu, 14 Jun 2007 20:02:26 -0400
On Jun 13, 2007, john lokka wrote:
Hopefully, this will answer most of your questions

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of ahm_irf () yahoo com
Sent: Tuesday, June 12, 2007 9:52 PM
To: focus-ids () securityfocus com
Subject: Information required about Bastille-linux

1) I need to know advantages and disadvantages of Bastille-linux

Advantages
- locks down red hat and mandrake linux platforms
- created via scripts (don't remember which language)
- easily modifiable
- has a verification function (compare and contrast between the "stored" baseline and the actual implementation)

Disadvantages
- none really.

2) how sound Bastille-linux is in terms of intrusion detection. Is there any criteria through which we can compare or measure its soundness.

Bastille does not monitor for intrusion detection. Bastille is a lockdown (permissions, open ports) script

While it's true that the focus of Bastille is not intrusion detection, it does have the ability to configure psad:

http://www.cipherdyne.org/psad/

This allows attacks to be detected via an iptables policy that is configured in a default log-and-drop stance.

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
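
The kind of analysis a default log-and-drop iptables policy makes possible, as an added example that is not part of the original post and is not psad's code: every packet that reaches the final LOG rule is one the policy did not accept, so counting distinct dropped ports per source exposes a scan. The log lines, the `DROP` log prefix and the threshold value are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: kernel messages from an iptables LOG rule placed just
# before the final DROP, plus one unrelated syslog line (documentation IPs).
SAMPLE_LOG = """\
Jun 14 20:01:10 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=21 SYN URGP=0
Jun 14 20:01:10 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22 SYN URGP=0
Jun 14 20:01:11 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=23 SYN URGP=0
Jun 14 20:01:11 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40115 DPT=25 SYN URGP=0
Jun 14 20:01:12 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40116 DPT=22 SYN URGP=0
Jun 14 20:01:13 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=22 SYN URGP=0
Jun 14 20:01:14 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=22 SYN URGP=0
Jun 14 20:01:14 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
Jun 14 20:01:15 fw sshd[811]: Connection closed by 192.0.2.44
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
SCAN_THRESHOLD = 4  # assumed value: distinct dropped ports before flagging


def parse_line(line):
    """Return the KEY=value fields of one iptables log line, or None."""
    if "kernel:" not in line or "SRC=" not in line:
        return None
    return dict(FIELD.findall(line))


def find_scanners(log_text, threshold=SCAN_THRESHOLD):
    """Map source IP -> sorted (proto, port) pairs for sources at/over threshold."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields or fields.get("PROTO") not in ("TCP", "UDP"):
            continue  # not an iptables line, or a protocol without ports
        if not fields.get("DPT", "").isdigit():
            continue  # malformed or truncated entry
        ports[fields["SRC"]].add((fields["PROTO"], int(fields["DPT"])))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= threshold}


if __name__ == "__main__":
    for src, hits in find_scanners(SAMPLE_LOG).items():
        print(src, "probed", len(hits), "closed ports:", hits)
```

The retried connection from 198.51.100.7 to a single port stays below the threshold, while the source touching four different closed ports is reported.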
Current thread:
- Information required about Bastille-linux ahm_irf (Jun 13)
- <Possible follow-ups>
- RE: Information required about Bastille-linux john lokka (Jun 13)
- Re: Information required about Bastille-linux Michael Rash (Jun 15)