Re: Information required about Bastille-linux

[Michael Rash <mbr () cipherdyne org>]

On Jun 13, 2007, john lokka wrote:

> Hopefully, this will answer most of your questions
>
> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] On Behalf Of ahm_irf () yahoo com
> Sent: Tuesday, June 12, 2007 9:52 PM
> To: focus-ids () securityfocus com
> Subject: Information required about Bastille-linux
>
> 1) I need to know advantages and disadvatages of Bastille-linux
> Advantages - locks down red hat and mandrake linux platforms
>                  - created via scripts (don't remember which language)
>                  - easily modifible
>                  - has a verification function (compare and contrast
> between the "stored" baseline and the actual implementation
>
> Disadvantages - none really.
>
> 2) how sound Bastille-linux is in terms of intrusion detection. Is
> there any criteria through which we can compare or measure its
> soundness.
> Bastille does not monitor for intrusion detection. Bastille is a
> lockdown (permissions, open ports) script

While it's true that the focus of Bastille is not intrusion
detection, it does have the ability to configure psad:

http://www.cipherdyne.org/psad/

This allows attacks to be detected via an iptables policy that is
configured in a default log-and-drop stance.

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------