Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bastille Adds Reporting, Grabs Fed Attention

Posted by timothy on from the soon-comes-the-boiling-oil dept.

johnny.ihackstuff.com writes "NewsForge interviews the Bastille project lead Jay Beale about Bastille's cool new assessment feature, which reports and scores Linux security and -- as always -- makes Linux lockdown super-easy. Available for many distros and Mac OS X, too. Best of all, it's free and open source!" As Jay points out in the interview, the work was "sponsored by the U.S. government's Technical Support Working Group." An anonymous reader summarizes the new capability: "In essence, Bastille now does two things. In one mode, it locks down an operating system, tweaking the configuration for increased security, asking you about each step and teaching you along the way. In the new Assessment mode, it reports on what hardening steps have been taken and what could be taken."

9 of 151 comments (clear)

  1. Call me a bluff traditionalist... by gowen · · Score: 5, Funny

    ... but if I were starting a Linux security project, I'd name it after a prison which was difficult to escape from, rather than one famous for being stormed by about 1,000 upset Frenchmen.

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    1. Re:Call me a bluff traditionalist... by gowen · · Score: 5, Funny
      Bastille is a French word meaning "castle" or "stronghold"
      And "C'était une plaisanterie, vous clod d'humeur-moins" is a French phrase meaning "It was a joke, you humourless clod."
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  2. Why do we need to harden distros ? by Elgreco1 · · Score: 5, Insightful

    Why do we need hardening wizzards, tools software and so on. Why can't distributions be secure out of the box ?

    1. Re:Why do we need to harden distros ? by gowen · · Score: 5, Insightful
      Why can't distributions be secure out of the box ?
      Essentially, there's a trade off to be made between security and ease of use (for example, a hardened distro won't let users mount filesystems, let alone do it automagically. Desktop distros consider automounting CD's and USB sticks to be de rigeur.).

      Most distributions try to steer a happy medium. Some sacrifice security for simplicity. Others (like Bastille) take the opposite tack.
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    2. Re:Why do we need to harden distros ? by Daengbo · · Score: 5, Insightful

      Part of Bastille's goal is to educate the admin, as well, so (even if your distro is very secure out of the box) you can run the program, listen to all the checks and changes, learn from Bastille why things should be set up that way, and maybe admin your box better. Alas, though, most distros are not as secure as they should be, and Bastille will make you think about what tradeoffs you really want to make between ease of use and security.

      --
      Put identity in the browser.
    3. Re:Why do we need to harden distros ? by admorgan · · Score: 5, Insightful
      Why do we need hardening wizzards, tools software and so on. Why can't distributions be secure out of the box ?


      What about those of use whom don't use a distro? I often build systems from scratch and this gives me a convient useful tool to lock it down. Also why not go the other direction... Why don't distros use generic tools like this to keep their system secure out of the box. I would like to point out one thing though. People use linux for just about everything today. The wizard gives you the functionality to do non standard things to your system where as if the distro was secure out of the box when you add a new serice would you be able to say it was still secure or what happens if you make a mistake setting up a config file. Generic tools very good at what they do is much better than a large tools or relying on assumptions about the overall state of a system.
  3. Scoring systems by admorgan · · Score: 5, Insightful
    The score idea is actually pretty central here. When I first heard about it, I thought it was overly simplistic, but people really do get motivated and sometimes even jazzed up about improving the score on a system. They'll get a lower score than their ego tells them they should and will turn around and harden a few items on the box just to achieve a more encouraging score.

    This is an excelent example of making an application have a "value" as incentive to do the right thing. People are by nature competative and will strive to improve a "score" even if it doesn't necessarily help them in any way. I give cudose to whoever decided to add this feature.
    1. Re:Scoring systems by gowen · · Score: 5, Funny
      People are by nature competative and will strive to improve a "score" even if it doesn't necessarily help them in any way
      You're talking rubbish. Now, excuse me, I've got to go and whore some more Karma.
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  4. Re:A windows version by Sexy+Bern · · Score: 5, Informative
    The baseline security analyzer?

    http://www.microsoft.com/technet/security/tools/mb sahome.mspx