RFC: firewall-hint_v1.3

Paul Campbell paul at cmm.uklinux.net
Sun Aug 12 23:53:28 PDT 2001

On Monday 13 August 2001 04:53, you wrote:

> > Paul, I would agree with you that this would make a nice addition, but
> > the last I read about Bastille, they were specifically targeting RedHat
> > 6.x, and ignoring the rest of the world. Things may have changed, I don't
> > recall how long ago that was, but you might want to research what
> > platforms Bastille supports first.

> From what I read, yes, they are targeting Redhat.  However, it's not
> too difficult to tune things for another installation.  "Not too difficult"
> meaning - if you know your distro well enough.
> I think it was a Linux Journal article (or another Linux magazine)
> that had an article about it.  They tried it on SuSE 6.4, and, with
> a little tweaking, got it to work.
> But, I still don't think Bastille will be easy enough to work with for

I spent a few hours hoaking through the various Perl scripts to see just what
was involved in tweaking it to run on anything but a Red Hat / Mandrake box.
I can see that it is doable, and it claims just this in the source tarball
readmes, but there is lots of work.  I haven't found the source of the $GLOBAL
variables mentioned in the readmes as of yet, but the alternative is to edit
the distro setup function directly.  And that's not a one-line sed operation
either, although I think it would be possible to fake it into thinking it was
a Red Hat box, but edit the Red Hat defines to suit LFS.  Possible support may
be gleaned from the developers if we ask nicely.  I'm sure they would like to
expand its distro vocabulary. (or not)

> Tell us how to install the tools, any init scripts we may need,
> and a sample configuration file that is pretty restrictive.  Then,
> point us off to some links that discuss Firewall rules and
> security.  That's the best solution.
> Definitely include a disclaimer that says something like:
> "This configuration is not complete.
> It is only a reference.  Firewall security is a complex issue that
> requires good configuration rules.  You can find some great information
> about firewalls at http://......"

I can do this, if we can get past the above distro problem.  I feel most of
the hard work is in that operation.  I'm not sure the problem is beyond me, but
it will surely have me up to my neck in it.  Once installed, the
configuration is easy.  Run InteractiveBastille, and answer the questions.
That is the beauty of this beast.  Possibly a basic gist paragraph or two, a
few jargon busters and a link or two as you suggest.

I'll have another crack at it over the next day or two, see what's what.

paul at cmm.uklinux.net
