Slashdot Mirror


Hewlett Packard Joins Up With Bastille Project

Jay Beale writes: "We've just recently released Bastille Linux 1.2.0 and it's pretty darn cool! It's now smarter, it's got a pretty new X interface and it works with the new 2.4 firewalling. Bastille shipped by default on Mandrake Linux 8 -- now, Hewlett Packard is helping us develop Bastille functionality for HP-UX. The page is here and the press release is here."

  1. Re:bastille by dair · · Score: 3
    Yeah ! but for over three or four centuries, it was proverbial that you can't escape from bastille
    Actually, the Bastille spent most of its life as a comfortable prison for aristocrats (who could keep their servants, entertain guests for dinner, etc). The expense of maintaining it meant it was scheduled to be knocked down by the government, and when it was 'stormed' it only held about half a dozen inmates - a couple of forgers, a count committed at the request of his family, and a lunatic.

    So perhaps not the best choice of names... :-)

    -dair
  2. the great paradigm shift by VAXGeek · · Score: 2

    Recently, many Unix vendors are jumping shift and changing their focus to Linux, such as Compaq, who recently sold Alpha to Intel. It is obvious that Compaq will stop selling Tru64 and OpenVMS and roll Tru64 features into Linux for a value added package. I have also heard from an inside source at HP that HP-UX is not long for this world. The HP engineers are quickly looking for parts of HP-UX that can be added to Linux 2.4. So, watch for many, many old Unix vendors to be making the shift to Linux soon. Even good old IBM has a finger in the pie!
    ------------
    a funny comment: 1 karma
    an insightful comment: 1 karma
    a good old-fashioned flame: priceless

    --
    this sig limit is too small to put anything good h
  3. Ugh by Ed+Avis · · Score: 2

    Like many Slashdot posters, I'm not sure I like the idea of 'slapped-on-top' security.

    I installed Mandrake 8.0, played with the security levels a bit, and found that it had decided to firewall my machine so that no connections could be made to it. Reasonable enough for a paranoid setup, but switching the security level back to 'low' didn't fix it.

    What annoyed me more was that there was no clear explanation of what had happened, so there wasn't an easy way to fix it. (I tried listing iptables/ipchains - nothing.) When stuff like this breaks, you need an obvious config file or two which you can fix by hand. 'man bastille' didn't help, and the files under /etc/sysconfig/ weren't well documented either.

    Of course this is a problem with 'easy' graphical setup tools in any area, not just Mandrake's version of Bastille. But for security, I'm not sure that this approach is the right one.

    It might be better to ship the OS in the most locked-down state by default and the user has to deliberately enable things like connections from the outside. Then at least the vendor would have an incentive to make this stuff robust and easy to set up.

    --
    -- Ed Avis ed@membled.com
    1. Re:Ugh by nuintari · · Score: 2

      I agree with you, distros should ship with stuff turned off, and ports locked down tight. But this causes a small problem, "Customers want stuff to work out of the box."

      OpenBSD ships tightly locked down, but Theo and the team aren't trying to sell a product, they are writing an OS for themselves first and foremost, and to anyone who wants a copy, they'll sell ya a dirt cheap cd. But distros like Red Hat and Mandrake are selling a product to people who want stuff to work, locking a system down causes confusion for the uninitiated. It sucks, but you can't just print in the manual that "this is turned off by default" and expect people to notice because we all know, no newbie rtfm's.

      Really surprises me that Red Hat 7.1 ships with sendmail locked down to remote connections, if ya know sendmail, it's easy to workaround. But for a Linux newbie who wants a mail server for his home...... he had to call me. You start locking systems down and selling a secure distro and all of a sudden, your tech support is flooded by callers screaming that "it doesn't work." Strangely enough, you even get this from fairly experienced users, because we have come to expect stuff to work right out of the box.

      It's a shame really, a side effect of our instant oatmeal, quick fix, now now now society I guess. :-)

      --Nuintari

      slashdot : where an opinion can be wrong.

  4. Re:The other Bush, but still interesting by anomaly · · Score: 2

    Are you suggesting that GHWB lost because Mr. Clinton was pro-atheist, and GHWB was anti-atheist?

    BTW - thanks for the link.
    I find the page a bit biased - for example, suggesting that all of the representatives in Congress are cowards for not defending the rights of atheists.

    It seems a bit of an exaggeration to suggest 2.2 million atheists have served in the military since WWII. I admit little to back that up, but the author making that assertion offers no backing for his belief in that number. It seems unlikely because the vast majority of Americans claim to be believers in God.

    In fact, a majority of Americans (something like 60%) claim to be "born again Christians."

    I find this number unlikely, but I can see why congress-people might tend to side with the majority who claim belief in God rather than the minority who assert that He does not exist.

    Thanks for the link, and the clarification that it was GHWB and not GWB.

    --
    But Herr Heisenberg, how does the electron know when I'm looking?
  5. Re:The other Bush, but still interesting -(Way OT) by anomaly · · Score: 2

    The number was inaccurate, but that's the fault of my memory. The source is Barna research, a Christian researcher who collects information on trends within our culture.

    The percentage of people in the US who identify themselves as Christian is about 85%. Those claiming to be born again are about 40% of the country.

    Barna Research

    BTW - I'd be very interested to hear from you directly about why you feel that "born again" Christians are hokey and participating in a scam. Please email me directly, since this discussion is WAY OT. Respectfully, Anomaly

    --
    But Herr Heisenberg, how does the electron know when I'm looking?
  6. Re:bastille by sharkey · · Score: 2

    "Ve dond even hev arr own langvage, joost zis ztupid akzent!"

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  7. Re:Let 'em eat cake by disappear · · Score: 3

    Absolutely: the problem wasn't the building, it was the administration.

    (Hint: it might help to read previous Slashdot stories to understand new ones. Context is everything.)

  8. Re:Is there a bitchslapping... by MindStalker · · Score: 2

    I'm curious where you got your Bush quote from? Can you point me to the source?

  9. Re:bastille by Khalid · · Score: 2

    Yeah ! but for over three or four centuries, it was proverbial that you can't escape from bastille.

  10. Re:bastille by Khalid · · Score: 2

    If this is really true, I must say it's rather funny. Yes I knew it was mainly a prison for aristocrats, and not for "les sans culottes" a kind of 5 stars prison !

    Anyway ! only the myth, the legend and symbol, count :) well, it's kinda, sorta marketing for the revolution !!

  11. In related news.... by Foxman98 · · Score: 2

    The trolls have stormed the Bastille project. Out of 102 posts only 17 are 1 or above? Did I miss out on "National Troll Day" or sumthin?

    --
    S.t.e.v.e.
  12. Nice but... What's so different by joq · · Score: 3

    Immunix, NSA's SE-Linux, Bastille, Trustix, EnGarde ... All seek to claim "Secure Linux" with their distributions, yet I don't understand why the core developers of Linux don't sit down and audit their coding in better fashion?

    Maybe it's because I've used OpenBSD way too long, and am critical but I feel someone somewhere is missing some key factors when creating these so-called "Secure" distros.

    If Woody would have checked his code beforehand... this would have never happened. Remember that Woody Woodpecker cartoon? Well since I've made the switch to BSD's (Open for my site, Free @ home) I've never looked back at Linux.

    I will however say kudos to the Bastille team for having some positive news on the Linux side of things, and hopefully more vendors will start supporting, even advocating any version of Nix versus the alternative.

    1. Re:Nice but... What's so different by ajayrockrock · · Score: 2
      Bastille isn't a distribution. It's a hardening system that runs on Redhat/Mandrake systems. It goes through your system and closes extra services, configures a firewall, disables user tools that are suid root and a bunch of other stuff. Everything is optional too for the people that want to leave ping/traceroute available to everyone or just root.

      Some people don't run Linux on a network so security isn't a concern for them.

  13. Hey Mr. Cynic, I take you've never used it by zrk · · Score: 3

    All software can be compromised if you've got the time and effort. But that's not what Bastille is about.

    Bastille does you a favor, and asks you if you need certain services or not. Most people don't, and Bastille will turn them off for you. Also, once you've done it, you can duplicate the behavior across your new server farm, saving you Boatloads of time and effort.

    Think of it as being the software to lock down your servers by reducing fluff in an easy fashion.

    Yes, coders should be "better" and yes, linux providers should be better with coming up with more secure distros, but since they don't, what's the harm in using something that does? For now, Bastille is it.

    My one gripe here is that what if you don't want X anywhere near your machine? I guess you're stuck with the clunky curses interface. (eh, well it's really not THAT bad).

  14. All distro's unix'en should do this by BierGuzzl · · Score: 2

    Bastille is an ambitious project, but also one that those who specialize in their respective unix/linux/--dare I say BSD would do well to contribute to. It's good to see this recognized from the commercial world. HP is once again showing leadership in embracing open source and supporting the community, and especially in the area of security, we all benefit.

  15. bastille by broohd · · Score: 5

    If I'm not mistaken the Bastille was successfully stormed and overrun in the French Revolution. So much for security...

  16. It's a crazy idea, but... by imipak · · Score: 3
    it might just work?

    How about a Windows port? Actually, a full-scale rewrite would probably be needed. Sure would get used a lot, though, and it'd be yet another foot-in-the-door for the GPL in Microsoft shops, which can only be a good thing.
    --
    "I'm not downloaded, I'm just loaded and down"

  17. Nice name: Bastille by Violet+Null · · Score: 2

    What a great name, because when I think Linux apps, I think of fortresses used frivolously by a noble ruling class to imprison those who annoyed them.

    Of course, you can play Rush's Bastille Day while configuring it, so it's not all bad.

  18. Go Dog Go! by standards · · Score: 3

    As Jeremey Fulton once said at one of those Linux conferences, "Bastille is a wonderful thing".

    In March, my company decided to get in on the Bastille bandwagon, as we thought it was good for us and for our customers. I must say that so far it has been a surprising success... my manager calculates that it'll save us about $25,000 per year - and we're a very small shop!

    Of course there are always teething problems, but we have found that the minor and temporary pains are far outweighed by the cleaner, more robust environment.

    Highly recommended.