Red Hat / Fedora Core / SuSE / Mandrake | Debian | Gentoo | HP-UX | Mac OS X (UNIX Power Users Only)
|
Bastille supports a number of Linux distributions and operating systems. In the RPM-focused world, it supports
Fedora Core, Red Hat Enterprise, Red Hat Classic (Red Hat 6 through 9), SuSE and Mandrake systems. On
these systems, Bastille is primarily used via an RPM, though you can also download the raw source tarball.
Installing Bastille 2.x on Red Hat (Classic, Enterprise or Fedora Core), SuSE or Mandrake is easiest via the RPM.
You need to install the Bastille RPM as well as a supporting perl module to provide either the graphical or
text-based interface.
- First, install the Bastille RPM,
like so:
rpm -ivh Bastille-3.2.1-0.1.noarch.rpm
- Second, if you want to use Hardening mode, you'll need to install perl-Tk
(for our Graphical Interface) or perl-Curses (for console/text mode).
(Installing perl-Tk/perl-Curses isn't necessary in Assessment mode, as it
generates a report in both HTML and Text.)
You can usually do this most easily by getting the RPM shown in this table, installing
it via this command:
rpm -ivh perl-Tk-a.b-c.i386.rpm
or
rpm -ivh perl-Curses-d.e-f.i386.rpm
Alternatively, you can install these using the CPAN method, described here.
- Third, run the bastille command:
bastille -x (for Graphical Mode Hardening)
or
bastille -c (for Text Mode Hardening)
or
bastille --report (for Assessment and Reporting)
- NOTE: Just because you're su-ing or ssh-ing into a system doesn't mean you're stuck in text mode.
You can use graphical (X) programs like Bastille's Tk interface or browsers by forwarding your X connections over the ssh connection. It's very, very simple. Just do this:
ssh -X root@remote_box (when you were already SSH-ing)
OR
ssh -X root@127.0.0.1 (when you would normally just su)
|
Back to Top
Debian packages are available at this Debian package site maintained by Javier Fernandez-Sanguino Pena. Javier is an amazing Open Source developer who maintains both the Bastille port and the Tiger port for Debian.
Back to Top
Bastille is part of Gentoo, available through the portage system. Bryan Stine made a port of the current stable release set, which the Bastille project is working to integrate into the mainstream code for better maintainability.
Bryan's description of this effort follows:
Basically, since I've been patching it as maintenance for our portage package, all that's needed has been setting Gentoo-specific paths and adding some conditionals here and there (which I based on regexps used for other distros). Furthermore, the questions file was updated to reflect what Gentoo can support. Finally, I did some stuff to a few scripts and Perl modules to set Gentoo-specific routines up, such as rc-update for managing services and providing USE advice for Tk-based InteractiveBastille.
Apart from the core Bastille stuff, psad is being supported as a seperate package in Gentoo. My bastille patch did address included psad components, but the seperate package is a superior alternative.
The Bastille team's goal is to work with members of the Gentoo development team at LinuxWorld this year to integrate the code into Bastille's development tree, making maintenance easier and increasing our ability to bring the new functionality currently underway to Gentoo.
Back to Top
Bastille on Mac OS X (UNIX Power Users Only)
Bastille for Mac OS X is stable. We released a beta package at
ToorCon,
which became our production version after additional testing. It does require you to be a UNIX Power User though, as it does not have a Mac OSX-specific installer.
You can
download it here!.
Special note: because of issues in either X or perl-Tk on OSX, you'll get a trivial error when you finish running Bastille's front-end. Simply follow this up by running "bastille -b" to activate the back-end and implement the hardening steps you've chosen.
Interested beta testers should e-mail Jay Beale to discuss bugs and feature requests.
The following resources were useful in extending Bastille to OS X:
