Introduction

The Bastille Linux project provides an interactive tool that applies additional security hardening measures to increase the overall security of your Ubuntu system and decrease its susceptibility to compromise. This guide is designed to assist in the installation and execution of the Bastille Linux tool for the purpose of hardening the security of your Ubuntu system.

IMPORTANT: Please be aware that Bastille Linux requires advanced knowledge, is site-specific and has several options that no longer apply to Ubuntu.

Target Audience

This guide is designed for intermediate to advanced users of Ubuntu, and is not recommended for beginners. The changes Bastille Linux can make to your Ubuntu system can potentially render parts of your system inoperative, or have other adverse effects. You should have a very good understanding of what will occur for every change you allow Bastille Linux to make, and understand any potential ramifications which may arise later from those changes. The author of this guide, the creators of Bastille Linux, and Ubuntu cannot be responsible for any adverse conditions with your Ubuntu system which may be caused by failure to understand what you are doing with Bastille Linux. You have been warned.

About Bastille Linux

The Bastille Linux package is available for your Ubuntu system from the Universe repository, and may be installed with the package tool you prefer (e.g. apt-get, aptitude, or Synaptic). The package includes a user interface and a configuration engine. The primary user interface is an X interface using the Perl/Tk system, and there is also a Curses-based text interface. You may use Bastille Linux in two primary modes:

  • Interactively: Bastille Linux asks you a series of questions, with explanations of the concepts involved, and hardens your system according to your answers to those questions.
  • Non-Interactively: You may also edit a configuration file which may then be used with Bastille Linux to enforce the security hardening measures. This is a good way to automate the hardening of several servers, for example.

Bastille's security hardening measures come from widely accepted security best practices, such as the SANS Securing Linux Step by Step guides, Kurt Seifried's Linux Administrator's Security Guide, and other reputable security sources.

Now that you have some idea about what Bastille Linux is, and does, we'll cover installation, and use of Bastille Linux.

Installing Bastille Linux

You must enable the Universe repository in order to install Bastille Linux.

IMPORTANT: There is a problem with the package in 9.10 Karmic. You must install any of these packages first: bsd-mailx, mailx or mailutils. See Launchpad #434709 for details. It is reported to be fixed for 10.10 Lucid.

The apt-get command, to be issued from a terminal prompt, is as follows:

sudo apt-get install bastille

If you prefer Synaptic, perform a search for Bastille, mark the Bastille package for installation, and click the Apply button.

Using Bastille Linux

This guide will cover using the Interactive mode with Bastille Linux, and specifically, the X version of the interactive tool. The text mode interactive interface, and the non-interactive mode will be discussed in future revisions of this guide.

To start Bastille Linux in the X-based interactive interface, open an instance of the Terminal application, and launch the Bastille Linux X-based interactive tool with root privileges, by typing the following at the prompt:

sudo bastille -x

If you receive an error such as: WARNING: /usr/bin/perl cannot find Perl module Tk. then you need to first install the perl-tk package from the Universe repository with your preferred package manager. For example, with apt-get, issue the following command from a terminal prompt:

sudo apt-get install perl-tk

Then try to start the Bastille Linux X-based interactive tool per the instructions above again.
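The two prerequisites described above (a mail package before installing on 9.10, and perl-tk for the X interface) can be checked before launching the tool. The following is an added example, not part of Bastille Linux or the original guide; the function names pkg_installed and bastille_missing are hypothetical, and it assumes a dpkg-based system with lsb_release available.

```shell
#!/bin/sh
# Added example: preflight check for the prerequisites this guide names.
# Function names are hypothetical; nothing here ships with Bastille Linux.

# Return 0 if Debian package $1 is fully installed.
pkg_installed() {
    status=$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null) || return 1
    [ "$status" = "install ok installed" ]
}

# Print what is still missing, one entry per line (empty output = ready).
#   $1: "x" if you intend to run "bastille -x" (requires perl-tk)
#   $2: Ubuntu release such as "9.10"; defaults to lsb_release output
bastille_missing() {
    iface=${1:-}
    rel=${2:-$(lsb_release -rs 2>/dev/null || true)}

    # 9.10 packaging problem (Launchpad #434709): any one of these
    # mail packages must be installed before the bastille package.
    if [ "$rel" = "9.10" ]; then
        mail_ok=no
        for p in bsd-mailx mailx mailutils; do
            if pkg_installed "$p"; then mail_ok=yes; break; fi
        done
        [ "$mail_ok" = yes ] || echo "bsd-mailx | mailx | mailutils"
    fi

    pkg_installed bastille || echo "bastille"

    # The X interface is Perl/Tk based; without perl-tk, "bastille -x"
    # stops with "cannot find Perl module Tk".
    if [ "$iface" = "x" ]; then
        pkg_installed perl-tk || echo "perl-tk"
    fi
}
```

Call bastille_missing x before sudo bastille -x; each line of output names a package (or a choice of packages) to install with apt-get first.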

When you execute the Bastille Linux tool, a disclaimer is first printed to the terminal, and you must accept the terms of the disclaimer to proceed. Type accept when prompted, to continue executing the Bastille Linux tool.

You should then see a graphical window appear, titled Bastille.

You will begin at the Title Screen where you must next click the OK button to proceed.

Upon clicking the OK button for the first time, the Bastille Linux X-based interactive tool will begin asking the questions, which appear in the Question text area, along with an explanation of the question being asked, which appears in the Explanation text area. Select the appropriate radio button control, (e.g. No or Yes) and click the OK button to continue to the next question.

This guide will not address the questions and possible answers presented by the Bastille Linux X-based interactive tool, as that is beyond the scope of the guide. The reader of this guide is expected to read the associated manual pages, and websites referred to in the Resources section of this guide to properly understand the questions, and their results on the system.

When you've reached the end of the questions, the Bastille Linux X-based interactive tool will ask if you are finished making changes to your Bastille configuration. If so, click the Yes radio button, and then click the OK button. A Save Configuration Changes dialog window will appear. Click the appropriate button to exit without saving changes, go back and change configuration, or save configuration.

A Finishing Up dialog window will then appear. You may then click the appropriate button to exit without changing your system, go back and change configuration, or apply configuration to system. If you wish to have the changes you chose applied to your system at this time, click the Apply Configuration to System button now.

A Credits window will appear, and you will also note much information in the Terminal window. You may see many ERROR entries in the output of the Terminal window. To determine what the ERROR entries refer to, and possibly make corrections to them, examine the log file /var/log/Bastille/error-log. Sometimes the ERROR conditions logged will contain suggestions to correct the problem, and should you choose to do so, you can then go back and re-run the Bastille Linux tool to re-apply changes.

Reverting Bastille Linux Changes

Should you decide that you would like to undo any, or all of the changes made to your Ubuntu system by Bastille Linux, you may use the RevertBastille command to undo all changes made by the Bastille Linux tool. For example, open a Terminal application, and type the following command at the prompt to revert (undo) the changes made by Bastille Linux:

sudo RevertBastille

After the RevertBastille tool finishes executing, the system will be configured as it was prior to hardening with Bastille Linux.

For more information on functions, capabilities, and the non-interactive mode of Bastille Linux, refer to the resources provided below.

Resources

Additional information on Bastille Linux and GNU/Linux security hardening guidelines is available via the following resources:

Local System Resources

man bastille

System manual page for the Bastille Linux bastille tool

man bastillebackend

System manual page for the Bastille Linux BastilleBackEnd tool

man bastillechooser

System manual page for the Bastille Linux BastilleChooser tool

man revertbastille

System manual page for the Bastille Linux RevertBastille tool

man automatedbastilles

System manual page for the Bastille Linux AutomatedBastille tool

man interactivebastille

System manual page for the Bastille Linux InteractiveBastille tool

man undobastille

System manual page for the Bastille Linux RevertBastille / UndoBastille tool

WWW Resources

Bastille Linux Home Page

Jay Beale's Linux/Unix Security Page

Linux Administrator's Security Guide

SANS Institute Website



BastilleLinux (last edited 2013-12-13 23:37:54 by knome)