Has anyone used Bastille on 9.3, and is it a better hardening utility than SUSEFirewall? Thanks, Fred -- "BIG BROTHER IS WATCHING YOU!" Brought to you by the US Department of Homeland Security and the Patriot Act(s) numerous Presidential Directives, etc.
Quoting Fred A. Miller <fmiller@lightlink.com>:
Has anyone used Bastille on 9.3, and is it a better hardening utility than SUSEFirewall?
Not IMHO. I have not used Bastille on SuSE 9.3. I have used it on Debian. The Bastille firewall is much more limited than SuSEfirewall2. If you have a single computer hooked to a dialup or broadband connection with no trusted computers (i.e., not on a LAN) and no servers with non-localhost access, it may be usable. If you want to spend as little time as possible, it may be useful. On the Debian box, I used its hardening abilities and substituted SuSEfirewall2 for the firewall (look on UnixReview.com for my article on how). Be judious with any hardening package. Almost every one I have used made some part of the system unusable. One required re-installing because it changed ownership and I had no record of the previous ownership and permissions. Don't go from wide open to tighter than whatever in one step. Take small steps and wait several days for the bugs to crawl out of the woodwork before taking the next step. Just my 0.02USD, Jeffrey
participants (2)
-
Fred A. Miller -
Jeffrey L. Taylor