130 likes | 333 Views
Bastille Security Tools. Mandrake Linux ships the Bastille security tools suite. It is a set of two tools ? one for basic configuration, and one allowing complex settings, which should make your machine much more secure. It is highly recommended that you run one of those tools just after installing
E N D
1. Securing Your Machine With BASTILLE Mandrake Linux
2. Bastille Security Tools Mandrake Linux ships the Bastille security tools suite. It is a set of two tools — one for basic configuration, and one allowing complex settings, which should make your machine much more secure.
It is highly recommended that you run one of those tools just after installing your machine, and even before connecting it to the network.
3. Bastille Ease of Configuration The BastilleChooser tool allows inexperienced users to easily secure their machine, while not imposing too many constraints on the daily use of the machine. The tool is a little wizard whose steps we are now going to describe.
To launch it, you need to run the command BastilleChooser from a Terminal as root. It is part of the Bastille-Chooser RPM package.
4. Introduction to the BastilleChooser Wizard The first step to using the wizard is to select the level of security to be applied to your machine.
As the text states, a high level of security has to be balanced against the ease of use - the 'friendliness of your system.
5. Workstation Security Level Details Workstation Configuration
Lax Security Level
No firewalling
Set security level to 2
Moderate Security Level
Moderate firewalling
Sets up password aging -- old unused accounts will be disabled
Sets security level to 3
Paranoid Security Level
Configures additional logging
Sets security level to 4
Restricts use of cron to root account
6. Server Security Level Details Server Configuration
Lax Security Level
No firewalling
Sets up password aging -- old unused accounts will be disabled
Set security level to 2
Moderate Security Level
Moderate firewalling
Enforces password aging
Sets security level to 3
Paranoid Security Level
Strong firewalling
Configures additional logging
Sets security level to 4
Enforces limits on resources to prevent DoS attack
7. Choosing a Security Level Based up the security levels and the role of the workstation or server, you need to select the right one for the job.
Remember also the placement;
Behind a firewall?
Filesharing?
Also see Security Levels in Detail
8. Server? Is your machine acting as a server?
As you chose Yes in the previous wizard, you are now asked to select the services allowed to get in your machine. Check the corresponding choice for each available service, and click the Finish button. The firewall will allow requests concerning the services marked as Yes in this dialog.
9. Choosing Services Now pick the services you want to allow to run! It lists the service and yes or no.
10. Bastille’s Advanced Security Configuration We are now presenting InteractiveBastille, a much more advanced tool, which allows even inexperienced people to make choices on a large number of security-related parameters.
Running all the wizards available may take up to an hour if you wish to do it carefully. But what is an hour compared to a break-in in your system?
11. A Typical InteractiveBastille Screen To launch this tool, you need to run the command InteractiveBastille from a Terminal as root. It is part of the Bastille RPM package.
InteractiveBastille is made up of 14 wizards. This is a very comprehensive firewall solution and takes time to configure for servers running multiple services.
12. 5 Parts to Interactive Bastille
13. Break-down of the GUI FYI on the InteractiveBastille screen:
The menu has 16 entries: one for the title screen, 14 corresponding to the 14 wizards, and an End screen, where you can validate the choices made in all wizards and make them active on the machine.
The question asked.
An explanatory text about the question, read it carefully before answering.
The answer is either a simple Yes/No choice or a field to fill with values, as explained in the explanatory text.
The navigation buttons:
Previous: will return to the previous screen of the current wizard,
Next: goes to the next question of the current wizard,
Explain Less/More: ask for more or less information.
14. Summary of InteractiveBastille This then, is the preferred way to proceed:
Open each wizard in turn. You probably do not need to run them all, as the first question generally determines whether you need to run that wizard or not.
At the End Screen answer Yes to make your changes effective.
Test the main features of your machine, test that access is denied for unauthorized services. In a nutshell check that your new settings act as you expect them to act and that there are no annoying side effects.
You may have to run the tool again until you get the desired result.