Re: Information required about Bastille-linux
- From: Michael Rash <mbr@xxxxxxxxxxxxxx>
- Date: Thu, 14 Jun 2007 20:02:26 -0400
On Jun 13, 2007, john lokka wrote:
Hopefully, this will answer most of your questions
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of ahm_irf@xxxxxxxxx
Sent: Tuesday, June 12, 2007 9:52 PM
To: focus-ids@xxxxxxxxxxxxxxxxx
Subject: Information required about Bastille-linux
1) I need to know advantages and disadvantages of Bastille-linux
Advantages - locks down red hat and mandrake linux platforms
- created via scripts (don't remember which language)
- easily modifiable
- has a verification function (compare and contrast
between the "stored" baseline and the actual implementation)
Disadvantages - none really.
2) how sound Bastille-linux is in terms of intrusion detection. Is
there any criteria through which we can compare or measure its
soundness.
Bastille does not monitor for intrusion detection. Bastille is a
lockdown (permissions, open ports) script.
While it's true that the focus of Bastille is not intrusion
detection, it does have the ability to configure psad:
http://www.cipherdyne.org/psad/
This allows attacks to be detected via an iptables policy that is
configured in a default log-and-drop stance.
--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F