Bastille Hardening program "locks down" an operating system.
Bastille currently supports the Red Hat (Fedora Core, Enterprise, and Numbered/Classic), SUSE, Debian, Gentoo, and Mandrake distributions, along with HP-UX and Mac OS X. Bastille's focuses on letting the system's user/administrator choose exactly how to harden the operating system.
In its default hardening mode, it interactively asks the user questions, explains the topics of those questions, and builds a policy based on the user's answers. It then applies the policy to the system. In its assessment mode, it builds a report intended to teach the user about available security settings as well as inform the user as to which settings have been tightened.
Why use it?
Bastille broke new ground by working to educate users about security, and help them make balanced, informed choices. Many users have found Bastille's secondary goal of educational just as useful as its primary goal of system hardening, leading some organizations to make an interactive Bastille hardening session part of their training regimen for new system administrators. In this spirit, Bastille can allow the user to run through the entire interactive portion without applying the chosen changes.
Who Uses It?
Bastille has become a vital part of the security hardening space. It's the most used hardening tool for Linux and HP-UX and is shipped by the vendor on SuSE, Debian, Gentoo and HP-UX. It is covered in all of the major books on Linux Security and has been the subject of a number of articles. Most recently, the Center for Internet Security's Linux Hardening Guide has recommended the use of Bastille to help harden systems.
What's New in This Release:
· Updated for Fedora Core 5, SUSE 10, Mandriva 10.0, 10.1, 2006*, and preliminary support for Tiger.