Bastille Assessment and Reporting Mode

What is It?

Bastille now has assessment and reporting functionality, so that it can tell you what parts of the system aren't locked down. It examines the system in a read-only fashion, reporting on the status of each of its hardening items. For example, Bastille might check whether the DNS server is locked in a chroot prison, whether telnet is turned off, or even if passwords are required to be a good length. You can take a look at a Web-only demo of this through this link.

Bastille's new reporting functionality even assigns you a score, using weights you supply. These weights allow you to make some items count more than others, or even not count at all. You can use our weights, but you can just as easily use weights that are provided by one of the standards bodies or your organization's IT security or system administration staff.

The new reporting mode only works on Red Hat Linux (Fedora, Legacy and Enterprise) and SUSE Linux (Professional, Personal and Enterprise) right now, so please don't use it on other platforms unless you're helping with the testing process on those platforms. To help with testing on another platform, please contact Jay Beale or Bastille's development coordinator for that platform. We're actively working to test this functionality on our other platforms.

We're very proud of this new technology, which was developed by Jay Beale, working with Carsten Gehrke and Charlie Long, contractors at the Space and Naval Warfare Systems Center San Diego (SPAWAR), who were sponsored by the US Government's TSWG. The internal test infrastructure on which this is built was developed by Keith Buck and his colleagues Robert Fritz and Tyler Easterling at Hewlett Packard.

Jay talks about this in an interview published on Newsforge.

How Do I Use It?

The assessment and reporting functionality is very easy to use. First, take a look at a sample report to understand what it does. Next, just install Bastille on your system and run it with one of these arguments:

bastille --assess ( Assessment / Reporting mode )

bastille --assessnobrowser ( Assessment mode without report display )

 

Bastille will create three versions of the report, which it places in /var/log/Bastille/Assessment:

File                Version
audit-report.html   Full HTML version with JavaScript
audit-report.txt    Text-only version
audit-log.txt       Machine-parseable text version

This report will include details and a score. Try assessing a system, then hardening and then re-assessing - it can be an educational experience that is very effective toward increasing your operating system security.
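One way to make the assess, harden, re-assess cycle above repeatable is to keep a private copy of each report set and diff the machine-parseable log between runs. The script below is an added example, not part of Bastille: the function names and the SNAP_ROOT location are assumptions, and it treats audit-log.txt as plain text without relying on its internal format.

```shell
#!/bin/sh
# Added example (not Bastille's own code): snapshot assessment reports and
# show which lines of audit-log.txt changed between two assessments.
# REPORT_DIR is the directory named on this page; SNAP_ROOT is an assumed path.
REPORT_DIR="${REPORT_DIR:-/var/log/Bastille/Assessment}"
SNAP_ROOT="${SNAP_ROOT:-/var/tmp/bastille-snapshots}"
REPORTS="audit-report.html audit-report.txt audit-log.txt"

# snapshot LABEL: copy the three report files into $SNAP_ROOT/LABEL.
# Refuses to run if any report is missing or empty, so an incomplete
# report set is never stored as a baseline.
snapshot() {
    dest="$SNAP_ROOT/$1"
    for f in $REPORTS; do
        [ -s "$REPORT_DIR/$f" ] || {
            echo "missing or empty: $REPORT_DIR/$f" >&2
            return 1
        }
    done
    mkdir -p "$dest" || return 1
    chmod 700 "$dest" || return 1   # reports list this host's weak spots
    for f in $REPORTS; do
        cp -p "$REPORT_DIR/$f" "$dest/$f" || return 1
    done
}

# changed_lines BEFORE AFTER: print the diff of audit-log.txt between two
# snapshots. Returns 0 if the log changed, 1 if identical, 2 on error.
changed_lines() {
    a="$SNAP_ROOT/$1/audit-log.txt"
    b="$SNAP_ROOT/$2/audit-log.txt"
    [ -f "$a" ] && [ -f "$b" ] || return 2
    diff_rc=0
    diff "$a" "$b" || diff_rc=$?
    case "$diff_rc" in
        0) return 1 ;;
        1) return 0 ;;
        *) return 2 ;;
    esac
}

# Typical sequence, run as root after sourcing this file:
#   bastille --assessnobrowser; snapshot before
#   (harden the system with Bastille)
#   bastille --assessnobrowser; snapshot after
#   changed_lines before after
```

A return value of 1 from changed_lines after a hardening run means the assessment log did not change at all, which is worth investigating before assuming the hardening took effect.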

NOTE: Just because you're su-ing or ssh-ing into a system doesn't mean you're stuck in text mode.
You can use graphical (X) programs like Bastille's Tk interface or browsers by forwarding your X connections over the ssh connection. It's very, very simple. Just do this:

ssh -X root@remote_box (when you were already SSH-ing)


OR


ssh -X root@127.0.0.1 (when you would normally just su)