Slashdot Mirror
Ask Jon And Jay About Bastille Linux
You've heard about Bastille Linux 'round these parts before (on July 17 of this year) -- it's a set of scripts bundled to create (in combination with a base install of a distribution like Red Hat) a much more secure box than would be the default. The basic philosophy behind Bastille seems to be "It shouldn't be difficult to lock down your Linux box." Now, here's your chance to ask Bastille gurus Jon Lasser and Jay Beale about the project.You'll want to check out the project's main page, first, and also some of the security articles Jay's written as well as the additional information on his personal page. (And if that Lasser fellow's name is familiar, it should be -- he's also the author of the excellent Think Unix reviewed a few weeks ago.) So post your questions below, and Jay and Jon will soon respond in depth.
Jon, would you consider writting a "Think Unix"-like book on Linux security? As a real Linux (but not computer) newbie, I am frustrated that I have to struggle to understand what the heck is going on, whereas in other OS's I pretty much understand. What I uderstand of your book "Think Unix", it gives the reader a fundamental understanding of what is going on, sort of a modern "Inside the IBM PC" (by Peter Norton, a book that really helped me understand PC's in the DOS days...).
As someone who installed Linux for the first trime just a few days ago, you *know* I am gonna have to grab your Bastille tool, tonite in fact....thanks!
Going on means going far
Going far means returning
Going on means going far
Going far means returning
Thankfully, THAT isnt their intent. It is obvious that you are just looking to flamebait, and unfortunately, its a slow halloween, so I am feeding it.
:)
The simple truth is OpenBSD is *NOT* the perfect solution to all problem. You dont use a hammer to drill and vice versa.
This is about helping LINUX, not BSD. They are very different systems, despite being mostly-compatible.
Different goals, different licenses, and different focii.
However, and in the best spirit of slashdot, I hope that you honestly want to see a secure linux (I doubt it though).
If that is the case, then yes, it would be nice to see a line by line audit of code, but the sad fact is, there are still plenty of things to add BEFORE we start down that path.
Audits slow development WAY down. Thats one reason OpenBSD isnt nearly as portable as NetBSD. It wasnt intended to be, and its not a bad thing, its just a product of the process.
The first process in getting a truly secure linux would be convincing the major distributions that there IS a security issue, and a way to fix it.
Thats what Bastille does (IMHO).
GPL'd web-based tradewars themed space game
Thankfully, THAT isnt their intent. It is obvious that you are just looking to flamebait, and unfortunately, its a slow halloween, so I am feeding it.
that's what trolls do and that's all user 219096 cares to do. Take a quick look at what the troll posted and you can see the quality of the content.
[/rant]
In Soviet Russia...michael would be rotting in Siberia!
Given the high number of Linux forks, do you find it difficult to think in terms of the portability so your scripts can support the 180+ linux distros that now exist?
If it was said on slashdot, it MUST be true!
Currently Bastille seems aimed at shutting off unneeded services, making sure services don't run as root, and updating known security holes. It seems to me that this is a very good start, but is really only half of the story. Does Bastille have any plans to start an audit of the Linux kernel and userland for vulnerabilities ala OpenBSD? It seems to me that making Linux "theoretically" secure requires such an audit. Do you agree or disagree?
have a day,
-l
What is your take on the differing methods of:
a) Taking something that has been around for a long time (think inetd) and changing the configuration so that it is less vulnerable to existing exploits.
vs.
b) Replacing the older techniques with newer things (think tcpserver) that may be a little less convenient, at least in shifting methods, but protect the system better even if a particular service is compromised.
WARNING: there is a trojan on your
Also, can you give us some specifics about your plans for the future of Bastille Linux? What's the next big feature we'll see, and where do you see it going in the long run?
Check out AbiWord.
Actually this is a quite common question among those in the know. Why *DO* the Distribution makers enable services by default that can potentially leave the system wide open to script kiddies? Especially with the droves of Windows users whom are trying Linux for the first time and are not always up on the latest sendmail/wu-ftpd/bind/whatever exploit of the week. Creating a more secure environment from the get-go should definitely be in the eyes of the ditro-makers. I applaud Bastille for their work in helping make the Internet a safer place to be.
wolf31o2 Developer, Gentoo Linux Games Team
Do you guys have any plans to do something similar for Debian, or have others approached you about it? I'd love to apt-get install bastille, and have it do something similar to what I've heard it does for RH. Anyway, even if you don't, keep up the good work.
~luge
IAAL,BIANLY
Considering that you're promoting yourselves as security experts with a tool to secure Linux distributions, why is your verification on your tarball an MD5 checksum, which is much easier to forge than a PGP/GPG signature?
I think the md5 checksum is a good idea, for those who can't/won't install pgp or gpg, but why not authenticate with one, or both, public-key tools?
--Parity
--Parity
'Card carrying' member of the EFF.
First, if you want a default installation that's "hardened from the get-go", either run OpenBSD, or a non-UNIX that has no services.
:)
However, I don't see why this is really necessary. It's the sysadmin's job to secure his boxes, which is generally done after installation. First, you only select the services you need, then you tighten things up. Bastille just speeds this process up, and helps out novices a lot. Also, the OpenWall security patches (for the Linux kernel) are quite nifty; also, on ext2, chattr is pretty sweet if you're really paranoid.
It would be nice if a distro had a "Secure" option during installation, but basically they're just catering to the masses. Maybe you want to run 'ping'; maybe you're behind a firewall. Maybe you're not on the internet. Maybe you want to have all your services running in default configurations at startup, so you can tweak them later...
Basically, it's just easier to let the admin decide what to do with the box, and making it less secure makes that process easier for them as well. Most people don't know or care about security. And remember, just as the best form of birth control is still abstinence, the best form of network security is still the 'air-gap'.
---
pb Reply or e-mail; don't vaguely moderate.
pb Reply or e-mail; don't vaguely moderate.
As a user of Linux-Mandrake, I've noted its annoyingly unwavering tendency to re-write configuration files and re-set file permissions when one decides to use one of their graphical configuration tools.
That being said, are there any plans to add any such functionality to Bastille, such as, when bastille-firewall is started when entering multiuser mode, checking to make sure all its changes are still intact? Even better, perhaps setting up a cron job to run every few minutes to check to make sure, say, drakconf (or whatever a different distro uses) hasn't overwritten its changes?
Stating on Slashdot that I like cheese since 1997.
From what I understand, Bastille Linux allows the user to have a more secure Linux box by answering (simple?) questions. But who do you think should use it, experienced users who know already how to lock down their system but need a tool to do it quick or newbies who don't know anything about security?
This is a question for any administration automation tool, but it's a real issue, can you secure a Linux system without learning what's really going on?
Maybe it would be a good idea to distribute Bastille Linux as a Book+CD package
Have you looked into merging Bastille with any distros out-of-the-box? I'm sure that some of the major distros would be interested in this.
In what way does Bastille differentiate between different types of installs? Does it prompt the users about services? Will it shut off my apache service if I plan on making this machine a web server?
What third party tools do you install/recommend to help with the hardening of the system? Tripwire? tcpserver?
Do you incorporate any form of checking when doing your install to ensure that the box has not already been compromised, such as checking for common trojans/backdoors?
wolf31o2 Developer, Gentoo Linux Games Team
What were the top 3 most asinine security holes you ever encountered on a GNU/Linux distro?
The allusion is deliberate.
Have you given any thought to defaults for these scripts which would be task specific>? "This machine is a pure webserver" "This machine is my home firewall and family webserver" "This machine is an internal workstation". where you could make a coherent set of reccomendations. Security which prevents the work from getting done leads to amateur changes to loosen the security ...
How will Bastille allow users to treat their computer and network security as a "process" (as Bruce Schneier is quoted to say). Are there tools to help users deal with security "events"?
now we need to go OSS in diesel cars
It's the sysadmin's job to secure his boxes, which is generally done after installation. First, you only select the services you need, then you tighten things up.
Why not make it easy on everybody? Just make the default maximally tight, and make it "The Sysadmin's job" to OPEN any holes he wants open, rather than closing all the holes in the swiss cheese?
Especially when the distribution doesn't come with any document that even LISTS the holes in the cheese.
That way:
- The box is secure from the start: No temporary holes for somebody to break through and plant a backdoor while the sysadming gets around to closing holes.
- Ordinary users, or even newbies, can install and go right to work, without having to become a skilled sysadmin just to have a safe box. (Something not working? Bring up the config tool and turn it on.)
Both ordinary users and sysadmins would thank any distro vendor who did it this way.
So why don't they?
Probably because they fear a flood of support calls when things don't work because they aren't turned on yet.
So they leave their customers hanging out there with the wind blowing through the holes in their cheese.
Software liability, anyone?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Given the world's largest cluestick with which you could assault every single SysAd on the planet, what clues would you distribute, other than the use of bastille, and the knowledge that there's life outside computers?
--
"Don't trolls get tired?"
Well, my point was, sometimes it isn't that easy to turn something on or get it working after it has been secured. I don't necessarily like it, but that's the rationale, and it isn't so hard to run something like Bastille, either.
It would be nice if the default installs were more secure, though, and it sounds like Mandrake tries to give people that option upon installation.
The hardest thing to do is to make something like this easy and smart; any distro vendor who can do that gets my vote of confidence as well.
---
pb Reply or e-mail; don't vaguely moderate.
pb Reply or e-mail; don't vaguely moderate.
I have two questions actually.
The first: do you plan to make a non distribution specific hardening program/system/script? If so, how? It would be neat to have a consensus between distributions on file locations, etc to make this easier; do you plan on working with other distributions to come up with some sort of common interface or environment?
The second: do you plan on including any kernel based capability, IDS, or ACL addons? A good default use of these features would greatly increase the security of linux in general, but they are prohibitively complex for most users. Thus, these are great things to have taken care of by the system - do you plan on working on something to control these things (semi)automatically?
In a perfect world, the Bastille scripts would be unecessary, because the default installation of the distribution would have been hardened from the get-go.
Why do you feel that various distributions are so insecure by default? What are the most common mistakes they make? What kinds of changes need to happen at Red Hat to make your scripts unneeded?
Want to learn about race cars? Read my Book
Did you guys consider your own distro? Why, why not and will you create a full Bastille distro.
(One minor wishlist item: could you fix the Curses thing for sparc) Sorry, just had to sneak that in.
Sig
Appended to the end of comments you post. 120 chars
What features do you feel are missing from Bastille as it stands today, and aren't in the roadmap you have for the immediate future?
What elements of system security do you feel should be part of the "core" (if not the kernel) of the operating system, and why (in your opinions) aren't they there already?
I love vegetarians - some of my favorite foods are vegetarians.
I'd like to thank you guys for not making another distribution :) I'm terrified of a Free Software world were each and every major app(ie: word processor[Corel], desktop software[Mandrake], or security system[you case :]) needs an entirely different distribution underneath it.
:)
I'm glad Bastille relies on work that has already been done by others, rather than re-inventing the wheel.
Thank you
Dave
'Round the firewall,
Out the modem,
Through the router,
Down the wire,
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
Bastille is a great project, but ultimately it targets people who sort-of know what they are doing. How do you feel about projects like the NetBSD/i386 Firewall Project who (whilst having all sources available) targets people who have no clue other than "I need security" by giving them a firewall that has an install that's about as simple as one can make it? Is this just a matter of defining the target audience different?
I'd hate to see any Bastille Linux-oriented viruses or trojans. Maybe there will be one which triggers on July 14th of every year and echoes on the screen: "Liberté! Egalité! Fraternité!"
For more historical stuff on Bastille Day, check out this link to the French Embassy.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
it's nice that these kind of distros exist; but until all linux distros are by far more secure by default (like not havin millions of daemons running per default) everybody just have to learn securing their box the hard way - there is no quick way for anything. but hopefully this bastille linux will show the way.
just my 2 pennies
ound the message used repetitively over and over still nothing grows silen
I believe that the concept is not to attempt to replace OpenBSD, but rather to create a way to harden Linux. Most distributions leave themselves wide open for some script kiddie to root your box before you even get the chance to completely set it up. By creating a distribution that is more secure out of the box, it allows for a lessened chance of the machine being compromised prior to hardening. OpenBSD is not perfect. It *is* secure in its default install and is audited very rigorously. I applaud the OpenBSD team for their great pains in increasing security and awareness. I believe where Bastille really gets their merit is the situation where a person feels more comfortable using linux as opposed to a system that they may not be as familiar. I would feel more comfortable in securing a linux box than I would some other OS because I am more familiar with linux. This also solves a problem wherein a PHB decides that you're going to use that new lienucks thingy I have been hearing about. Not all decisions of what OS to use for a particular job are decided by someone who has a clue. Sometimes we just have to make best with the tools we are given. I think Bastille does an excellent job of doing this and making us feel a little better about the inherent insecurities of linux versus other systems.
wolf31o2 Developer, Gentoo Linux Games Team