paul at cmm.uklinux.net
Sun Aug 12 23:53:28 PDT 2001
On Monday 13 August 2001 04:53, you wrote:
> > Paul, I would agree with you that this would make a nice addition, but
> > the last I read about Bastille, they were specifically targeting RedHat
> > 6.x, and ignoring the rest of the world. Things may have changed, I don't
> > recall how long ago that was, but you might want to research what
> > platforms Bastille supports first.
> From what I read, yes, they are targeting Redhat. However, it's not
> too difficult to tune things for another installation. "Not too difficult"
> meaning - if you know your distro well enough.
> I think it was a Linux Journal article (or another Linux magazine)
> that had an article about it. They tried it on SuSE 6.4, and, with
> a little tweaking, got it to work.
> But, I still don't think Bastille will be easy enough to work with for
I spent a few hours hoaking through the various perl scripts to see just what
was involved in tweaking it to run on anything but Red Hat / Mandrake Box.
I can see that it is do-able and it claims just this in the source tar ball
readmes but there is lots of work. I haven't found the source of the $GLOBAL
variables mentioned in the readme's as of yet, but the alternative is to edit
the distro setup function directly. And that not a one line sed operation
either, although I think it would be possible to fake it into thinking it was
a redhat box, but edit the redhat defines, to suit LFS. Possible support may
be gleened from the developers if we ask nicely. I'm sure they would like to
expand it's distro vocabulary. (or not)
> Tell us how to install the tools, any init scripts we may need,
> and a sample configuration file that is pretty restrictive. Then,
> point us off to some links that discuss Firewall rules and
> security. That's the best solution.
> Definitely include a disclaimer that says something like:
> "This configuration is not complete.
> It is only a reference. Firewall security is a complex issue that
> requires good configuration rules. You can find some great information
> about firewalls at http://......"
I can do this, if we can get past the above distro problem. I feel most of
the hard work is in that operation. I not sure the problem is beyond me, but
It will surely have me up to my neck in it. Once installed, the
configuration is easy. Run- InteractiveBastille, and answer the questions.
That is the bueaty of this beast. Possibly a basic jist paragraph or two, a
few jargon busters and a link or two as you suggest.
I'll have another crack at it over the next day or two, see what's what.
paul at cmm.uklinux.net
More information about the blfs-book