The Bastille Linux Project was started by Jon Lasser, of UMBC, Ben Woodard, at VA Linux systems, and an informal group that met at a SANS 98 Conference. They were later joined by a large group of developers and beta testers, including Jay Beale, of UMUC.
Bastille Linux is aimed primarily at non-security-experts, who are less knowledgeable about security, but want to run a more secure distribution of Linux. Our goal is to build a more secure distribution based on an well-supported existing distribution. Our solution currently takes the form of a Universal Hardening Program which must be run immediately after installation of Redhat 6.0. Our Hardening Program is most unique in that virtually every task it performs is optional, giving immense flexibility, and that it educates the installing admin before asking any question. The interactive nature allows the program to be more thorough when securing, while the educational component produces an admin who is less likely to compromise the greater security. This program is detailed further in our Informal Specification, but includes modules for:
Account Security Apache (web server) Configuration Automated System Patching Boot (physical) Security BIND (DNS server) Configuration FTP Server Configuration File Permission Tightening / SUID Audit Firewalling / Network Address Translation inetd/TCP Wrappers Configuration Logging Sendmail (mail server) Configuration Miscellaneous System Daemon Security PAM Configuration Print Server Security SSH installation and configuration Security Scanners ( in version 1.1)
Bastille Linux will be in development for as long as interest remains, but the first formal release will come at the SANS '99 Conference in San Francisco, CA, on the week of December 13, 1999.
The Bastille Hardening Program is open source, GPL-licensed. We welcome testers, developers, and security experts to contribute new security ideas and analysis. Interested testers should contact Jay Beale, via jay@nova.umuc.edu, for ease of coordination of efforts. If you would like to test a recent snampshot you may download it from here.
Jon Lasser, Lead Coordinator
Jay Beale, Lead Developer