Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hewlett Packard Joins Up With Bastille Project

Posted by timothy on from the those-penguins-are-pretty-clever-bob dept.

Jay Beale writes: "We've just recently released Bastille Linux 1.2.0 and it's pretty darn cool! It's now smarter, it's got a pretty new X interface and it works with the new 2.4 firewalling. Bastille shipped by default on Mandrake Linux 8 -- now, Hewlett Packard is helping us develop Bastille functionality for HP-UX. The page is here and the press release is here."

40 comments

  1. Let 'em eat cake by Anonymous Coward · · Score: 1

    The real Bastille was stormed during the French Revolution. Great analogy for a set of security scripts, if you ask me.

    1. Re:Let 'em eat cake by disappear · · Score: 3

      Absolutely: the problem wasn't the building, it was the administration.

      (Hint: it might help to read previous Slashdot stories to understand new ones. Context is everything.)

    2. Re:Let 'em eat cake by lars_stefan_axelsson · · Score: 1
      Which is funny when you think about it, since Bastille Linux, isn't about the building, but about the administration...

      Or you could say that they've learnt from their namesake, and are focusing on the right thing.

      --
      Stefan Axelsson
  2. Re:bastille by dair · · Score: 3
    Yeah ! but for over three or four centuries, it was proverbial that you can't escape from bastille
    Actually, the Bastille spent most of its life as a comfortable prison for aristocrats (who could keep their servants, entertain guests for dinner, etc). The expense of maintaining it meant it was scheduled to be knocked down by the government, and when it was 'stormed' it only held about half a dozen inmates - a couple of forgers, a count committed at the request of his family, and a lunatic.

    So perhaps not the best choice of names... :-)

    -dair
  3. Nice interface? by Chainsaw · · Score: 1

    it's got a pretty new X interface

    If that's new and pretty, I don't want to even consider looking at old and ugly interfaces. Who designed the Motif widget set anyway? Must have been Stevie Wonder.

    --
    War is one of the most horrible things a human can be exposed to. And one of the worlds largest industries.
  4. Actually, that's Tk... by slothbait · · Score: 1

    > If that's new and pretty, I don't want to even consider looking at old and ugly interfaces.

    ...which would be Athena. Actually, Athena is so utilitarian that I'm not sure it can even be judged on an aesthetic basis. It's almost orthogonal to beauty.

    > Who designed the Motif widget set anyway? Must have been Stevie Wonder.

    I'm not sure, but the application in question is using Tk, not Motif. IMHO Tk is less attractive than Motif, which is less than GTK, which is less than Qt. And, truthfully, I'm not just wild about Qt.

    Of course, GTK and Qt are themable, so you can tweak them to your liking, assuming that you don't mind the performance hit (not sure how bad it is). Actually, Tk may be themable too, but I've never looked into it.

    --Lenny

  5. the great paradigm shift by VAXGeek · · Score: 2

    Recently, many Unix vendors are jumping shift and changing their focus to Linux, such as Compaq, who recently sold Alpha to Intel. It is obvious that Compaq will stop selling Tru64 and OpenVMS and roll Tru64 features into Linux for a value added package. I have also heard from an inside source at HP that HP-UX is not long for this world. The HP engineers are quickly looking for parts of HP-UX that can be added to Linux 2.4. So, watch for many, many old Unix vendors to be making the shift to Linux soon. Even good old IBM has a finger in the pie!
    ------------
    a funny comment: 1 karma
    an insightful comment: 1 karma
    a good old-fashioned flame: priceless

    --
    this sig limit is too small to put anything good h
    1. Re:the great paradigm shift by malfunct · · Score: 1
      Its easy to see why they would do this. Considering we are in a world where unless you are MS you can't make money on an OS, it makes sense to drop your OS costs to as near to zero as you can.

      All the companies you listed sell hardware as thier main expertise, I doubt they would even worry about OS at all if a commodity OS would run "just right" on thier hardware. The jump to linux is to get free work done. The price of the hardware in the "enterprise" class doesn't change much based on operating system so you might as well throw on a free one if it does the job.

      The paradigm shift is not to "open source is better" but instead to "free OS's make us more money on hardware". I'm not sure if that is good or bad but I guess we will see soon.

      --

      "You can now flame me, I am full of love,"

    2. Re:the great paradigm shift by Daath · · Score: 1

      At work we've been talking to IBM about a large serverpark running Linux. The lead salesman (AIX dude), said that, and I'm quoting loosely, that Linux was great. It was a great way to pave the way for AIX.
      I was shocked.

      --
      Any technology distinguishable from magic, is insufficiently advanced.
  6. Re:Ugh by Ed+Avis · · Score: 1

    What I mean is, if you ship an OS with a concoction of different scripts doing strange things behind a GUI interface, it's difficult to see what is going on. I still haven't figured it out, and I'm not a total newbie. OTOH if things have to be explicitly enabled, it's more likely that it'll be well documented and explained what you have to do.

    --
    -- Ed Avis ed@membled.com
  7. Ugh by Ed+Avis · · Score: 2

    Like many Slashdot posters, I'm not sure I like the idea of 'slapped-on-top' security.

    I installed Mandrake 8.0, played with the security levels a bit, and found that it had decided to firewall my machine so that no connections could be made to it. Reasonable enough for a paranoid setup, but switching the security level back to 'low' didn't fix it.

    What annoyed me more was that there was no clear explanation of what had happened, so there wasn't an easy way to fix it. (I tried listing iptables/ipchains - nothing.) When stuff like this breaks, you need an obvious config file or two which you can fix by hand. 'man bastille' didn't help, and the files under /etc/sysconfig/ weren't well documented either.

    Of course this is a problem with 'easy' graphical setup tools in any area, not just Mandrake's version of Bastille. But for security, I'm not sure that this approach is the right one.

    It might be better to ship the OS in the most locked-down state by default and the user has to deliberately enable things like connections from the outside. Then at least the vendor would have an incentive to make this stuff robust and easy to set up.

    --
    -- Ed Avis ed@membled.com
    1. Re:Ugh by nuintari · · Score: 2

      I agree with you, distro's should ship with stuff turned off, and ports locked down tight. But this causes a small problem, "Customers want stuff to work out of the box."

      OpenBSD ships tightly locked down, but Theo and the team aren't trying to sell a product, they are writing an OS for themselves first and foremost, and to anyone who wants a copy, they'll sell ya a dirt cheap cd. But distro's like Red Hat and Mandrake are selling a product to people who want stuff to work, locking a system down causes confusion for the unitiated. It sucks, but you can't just print in the manual that "this is turned off by default" and expect people to notice because we all know, no newbie rtfm's.

      Really surprises me that REd Hat 7.1 ships with sendmail locked down to remote connections, if ya know sendmail, its easy to workaround. But for a Linux newbie who wants a mail server for his home...... he had to call me. You start locking systems down and selling a secure distro and all of a sudden, your tech support is flooded by callers screaming that "it doesn't work." Strangely enough, you even get this from fairly expirianced users, because we have come to expect stuff to work right out of the box.

      Its a shame really, a side effect of our instant oatmeal, quick fix, now now now society I guess. :-)

      --

      --Nuintari

      slashdot : where an opinion can be wrong.

    2. Re:Ugh by bkr1_2k · · Score: 1

      "I installed Mandrake 8.0, played with the security levels a bit, and found that it had decided to firewall my machine so that no connections could be made to it... It might be better to ship the OS in the most locked-down state by default and the user has to deliberately enable things like connections from the outside." Looks to me like Mandrake did exactly what you asked. It locked everything down. I'm not sure what problems you had...when I set my security levels differently (in Mandrake 8.0) and then restart the firewall everything works as expected.

      --
      "Growing old is inevitable; growing up is optional."
  8. Re:In related news.... by swb · · Score: 1

    Haha. It's at 17 of 105 right now.

  9. Re:The other Bush, but still interesting by anomaly · · Score: 2

    Are you suggesting that GHWB lost because Mr. Clinton was pro-atheist, and GHWB was anti-atheist?

    BTW - thanks for the link.
    I find the page a bit biased - for example, suggesting that all of the representatives in Congress are cowards for not defending the rights of athiests.

    It seems a bit of an exaggeration to suggest 2.2 million atheists have served in the military since WWII. I admit little to back that up, but the author making that assertion offers no backing for his belief in that number. It seems unlikely because the vast majority of Americans claim to be believers in God.

    In fact, a majority of Americans (something like 60%) claim to be "born again Christians."

    I find this number unlikely, but I can see why congress-people might tend to side with the majority who claim belief in God rather than the minority who assert that He does not exist.

    Thanks for the link, and the clarification that it was GHWB and not GWB.

    --
    But Herr Heisenberg, how does the electron know when I'm looking?
  10. Re:The other Bush, but still interesting -(Way OT) by anomaly · · Score: 2

    The number was inaccurate, but that's the fault of my memory. The source is Barna research, a Christian researcher who collects information on trends within our culture.

    The percentage of people in the US who identify themselves as Christian is about 85%. Those climing to be born again are about 40% of the country.

    Barna Research

    BTW - I'd be very interested to hear from you directly about why you feel that "born again" Christians are hokey and participating in a scam. Please email me directly, since this discussion is WAY OT. Respectfully, Anomaly

    --
    But Herr Heisenberg, how does the electron know when I'm looking?
  11. Re:bastille by sharkey · · Score: 2

    "Ve dond even hev arr own langvage, joost zis ztupid akzent!"

    --

    --

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  12. Re:Wow, I'm good. by still+cynical · · Score: 1

    Damn! And I was just ready to call our HP rep to ask about pricing!

    "Yes, I'd like to order one of your new Armored Personnel Carriers."

    "No, I'm sure you make them, I read it on Slashdot."

    --
    Ignorance is the root of all evil.
  13. Re:Is there a bitchslapping... by MindStalker · · Score: 2

    I'm curious where you got your Bush quote from? Can you point to me the source?

  14. Re:bastille by Khalid · · Score: 2

    Yeah ! but for over three or four centuries, it was proverbial that you can't escape from bastille.

  15. Re:bastille by Khalid · · Score: 2

    If this is really true, I must say it's rather funny. Yes I knew it was mainly a prison for aristocrats, and not for "les sans culottes" a kind of 5 stars prison !

    Anyway ! only the myth, the legend and symbol, count :) well, it's kinda, sorta marketing for the revolution !!

  16. In related news.... by Foxman98 · · Score: 2

    The trolls have stormed the Bastille project. Out of 102 posts only 17 are 1 or above? Did I miss out on "National Troll Day" or sumthin?

    --
    S.t.e.v.e.
  17. Nice but... What's so different by joq · · Score: 3

    Immunix, NSA's SE-Linux, Bastille, Trustix, EnGarde ... All seek to claim "Secure Linux" with their distributions, yet I don't understand why the core developers of Linux don't sit down and audit their coding in better fashion?

    Maybe it's because I've used OpenBSD way too long, and am critical but I feel someone somewhere is missing some key factors when creating these so called "Secure" distro's.

    If Woody would have checked his code beforehand... this would have never happened. Remember that Woody Woodpecker cartoon? Well since I've made the switch to BSD's (Open for my site, Free @ home) I've never looked back at Linux.

    I will however say kudos to the Bastille team for having some positive news on the Linux side of things, and hopefully more vendors will start supporting, even advocating any version of Nix versus the alternative

    --

    Want Root?
    1. Re:Nice but... What's so different by ajayrockrock · · Score: 2
      Bastille isn't a distribution. It's a hardening system that runs on Redhat/Mandrake systems. It goes through your system and closes extra services, configures a firewall, disables user tools that are suid root and a bunch of other stuff. Everything is optional too for the people that want to leave ping/traceroute available to everyone or just root.

      Some people don't run Linux on a network so security isn't a concern for them.

    2. Re:Nice but... What's so different by lars_stefan_axelsson · · Score: 1
      Well, it was prof Spafford that said (paraphrased) that even if the tradition of UNIX wasn't security, the features are there to build a secure system. (Though a few design decisions could be debated IMHO).

      And that's really what one aspect of OpenBSD (of which I'm an avid fan) and Linux+Bastille (whatever) is all about. Secure defaults. Linux distros on their own tend more towards the 'UNIX' tradition of everything and the kitchen sink, on by default, to make installation 'easy.'

      Bastille seeks to at least check that the windows and doors are closed. OpenBSD then went one step further and went on with a code audit to ensure that the services and tools that actually have to run (i.e. that aren't 'unnecessary') don't have obvious weaknesses in them. Here Linux obviously lags behind, and here's where the core developers could play a part, and also where OpenBSD has the edge. Note however, that TANSTAAFL, and the Linux core developers may well have other priorites, that preclude them from investing all that time in a code audit. These things are expensive.

      I don't have a problem with this, there are niches for all the above solutions, i.e. in order of increasing (potential) security 'plain' Linux, Linux + Bastille, and OpenBSD. There are plenty of people out there with diverse enough security needs, and threats, to have room for them all.

      --
      Stefan Axelsson
  18. Hey Mr. Cynic, I take you've never used it by zrk · · Score: 3

    All software can be compromised if you've got the time and effort. But that's not what Bastille is about.

    Bastille does you a favor, and asks you if you need certain services or not. Most people don't, and Bastille will turn them off for you. Also, once you've done it, you can duplicate the behavior across your new server farm, saving you Boatloads of time and effort.

    Think of it as being the software to lock down your servers by reducing fluff in an easy fashion.

    Yes, coders should be "better" and yes, linux providers should be better with coming up with more secure distros, but since they don't, what's the harm in using something that does? For now, Bastille is it.

    My one gripe here is that what if you don't want X anywhere near your machine? I guess you're stuck with the clunky curses interface. (eh, well it's really not THAT bad).

  19. All distro's unix'en should do this by BierGuzzl · · Score: 2

    Bastille is an ambitious project, but also one that those who specialize in their respective unix/linux/--dare I say BSD would do well to contribute to. It's good to see this recognized from the commercial world. HP is once again showing leadership in embracing open source and supporting the community, and especially in the area of security, we all benefit.

  20. Re:bastille by sethgecko · · Score: 1
    The French know nothing of security. That's why they are always one of the first countries to fall when a world war breaks out.

    They did pretty well in the first one. Perhaps what you meant to say is that they fell pretty early on in World War II.

    --
    Be ot or bot ne ot, taht is the nestquoi.
  21. Re:It's a crazy idea, but... by msodfjsalfhlskdhf · · Score: 1
    just make a program that reboots the windows machine, installs linux, and then runs bastille...

    ====
    If all comedy comes out of tragedy, let the killing begin...

    --

    ====
    "white bread, redneck, chicken-shit, motherfucker" -- Dr. Dre on "Straight Outta Compton"

  22. bastille by broohd · · Score: 5

    If I'm not mistaken the Bastille was successfully stormed and overrun in the French Revolution. So much for security...

    1. Re:bastille by jockm · · Score: 1

      The soldiers garding the bastille put up a token resistance and then surrendered (they were mostly men of retirement age). For this, the mob killed them. Not one of the high-points of the revolution...

      --

      What do you know I wrote a novel
    2. Re:bastille by Smegma4U · · Score: 1

      I assume the reason that they called it Bastille was because it was supposedly an impregnable bastion of the government(i.e. Microsoft) which was successfully defeated by the common people working together(i.e. Linux). If you think about it, it's really a pretty good name...

      --
      If it's supposed to move and doesn't, use WD-40. If it moves and it shouldn't, use duct tape.
  23. Re:The other Bush, but still interesting -(Way OT) by daniel_isaacs · · Score: 1
    I suspect most people say they believe in God because they don't think about it. I also suspect most people don't believe in God, or Christ, at least. Just a suspicion. Many people associate atheism and public denouncing of Christ/God with Communism, and as such are not too vocal about their beliefs (or lack thereof).

    I'd like to know where the %60 came from. While that number may hold true for parts of the South, or the White House, I find it difficult to believe it's as widespread as %60 in the Country as a whole.

    But then, given how many Americans can'tfind Asia on a world map, it wouldn't be too suprising if %60 proclaim dedication to this hokey "Born Again" scam.

    PS: the obove are my OPINIONS. They ain't fact. Correct them if you can.

    --
    - Dan I.
  24. It's a crazy idea, but... by imipak · · Score: 3
    it might just work?

    How about a Windows port? Actually, a full-scale rewrite would probably be needed. Sure would get used a lot, though, and it'd be yet another foot-in-the-door for the GPL in Microsoft shops, which can only be a good thing.
    --
    "I'm not downloaded, I'm just loaded and down"

  25. Timothy, broken link by Scoria · · Score: 1

    Your link to http://www.bastille-linux.org/jay is broken.

    Forgot the colon. :grin:

    By the way, I think this teaming up of HP/Bastille is great. Both organizations, in my opinion, make great products (I say this as the owner of four HP computers, two routers, two APCs, two ScanJets, etc.) I've never had one fail.

    They run 'alternate' OSes quite well, too...

    --
    Do you like German cars?
  26. Wow, I'm good. by Scoria · · Score: 1

    I just used APC in place of "power backups." I suppose I shouldn't read the APC website and type a Slashdot comment about power backups at the same time...

    I do, however, hear that HP's power backups are actually manufactured by APC, so maybe I'm not completely wrong in saying that...

    ::bows head in shame and walks off::

    --
    Do you like German cars?
  27. The other Bush, but still interesting by bartle · · Score: 1

    Yeah, that quote caught my eye too. I did a Google search and found this. And I suppose GB Sr. never figured out how he lost to Clinton...

    1. Re:The other Bush, but still interesting by bartle · · Score: 1

      Are you suggesting that GHWB lost because Mr. Clinton was pro-atheist, and GHWB was anti-atheist?

      That whole election is ancient history in my mind, but I don't remember even hearing about that when it happened. I doubt that quote by itself cost him very many votes. It does reflect a certain mindset however that made a lot of people nervous.

      Although his statement wasn't offensive to the major monotheistic religions, it was pretty damning towards anybody who falls out of the mainstream. The whole church/state seperation forms a wall at the top of a very slippery slope, comdemning one religion that you don't like is not that far away from condemning others. I too found that paper a tad questionable, but that shouldn't detract from the statement itself.

      I don't think I can get any farther off topic here, so I'll bid this thread ado. It's just that I do enjoy interesting discourse where ever I can find it, even in a pseudo religious discussion pretending to have something to do with a project that's Linux related named after a French prison.

  28. Nice name: Bastille by Violet+Null · · Score: 2

    What a great name, because when I think Linux apps, I think of fortresses used frivolously by a noble ruling class to imprison those who annoyed them.

    Of course, you can play Rush's Bastille Day while configuring it, so it's not all bad.

  29. Go Dog Go! by standards · · Score: 3

    As Jeremey Fulton once said at one of those Linux conferences, "Bastille is a wonderful thing".

    In March, my company decided to get in on the Bastille bandwagon, as we thought it was good for us and for our customers. I must say that so far it has been a surprising success... my manager calculates that it'll save us about $25,000 per year - and we're a very small shop!

    Of course there are always teething problems, but we have found that the minor and temporary pains are far outweighed by the cleaner, more robust environment.

    Highly recommended.